Binance's global main domain is binance.com, and any other domain that looks like Binance is either a mirror, an imitation, or a phishing attempt. If new users are worried about clicking the wrong link, it is recommended to first bookmark the Binance website entry point and enter from your bookmarks every time afterwards; if you want to download the official app, directly use the Binance official app link, and iOS users should continue reading the iOS install guide to learn about switching Apple ID regions. This article provides a method to verify the authenticity of Binance within 30 seconds, suitable for self-checking before every login.
1. Why you should not use search engines to enter Binance
When searching for "Binance website", the top results are often mixed with promotional ads for counterfeit sites. Fake domains usually look like this:
binance-xxx.topbinanc-e.com(swapping the position of a letter)bınance.com(using the Turkish lowercase ı instead of the English i)binance.app,binance-app.io(looking like an "App download site")ibinance.com,binance-zh.cc
These domains have extremely highly replicated pages; the interface, logo, and fonts look almost exactly the same as the real Binance. The only difference is: when logging in, the password and 2FA code you input are forwarded to the attacker in real-time, and then they log into your real account synchronously to withdraw funds. The success rate of this man-in-the-middle attack is unbelievably high.
2. The 30-second verification method: Three steps are enough
Step 1: Check the browser address bar
The main domain must strictly be binance.com, and specific regional paths might be /zh-CN/, /en/, /ja/, etc. Any variation with lowercase letters, hyphens, or numbers besides this is not official.
Be particularly alert to two types:
- Subdomains that are too long: For example,
binance.login-verify-secure.com, the main domain is actuallylogin-verify-secure.com, and binance is just one of its subdomain prefixes. - IDN homoglyph domains: Replacing the English a or c with Cyrillic а or Russian с; the address bar looks exactly the same but it is actually a Punycode domain starting with xn--.
Step 2: Check the HTTPS certificate
Click the small lock icon next to the address bar and select "Certificate" or "Connection is secure". The real Binance certificate is *issued to binance.com or .binance.com, and the issuer is DigiCert (or its sub-brand Cloudflare Inc ECC CA-3). Even if a counterfeit site uses HTTPS, the certificate can only be issued to its own domain, not binance.com.
Step 3: Perform an "invalid login test"
This trick is almost the ultimate weapon against phishing: deliberately input a wrong password to try logging in.
- Real Binance: Will prompt "Incorrect password" and require completing a slider verification.
- Phishing site: Often lets you proceed to the next step without verifying the password, because its goal is not to verify, but to steal the password you input.
This test only takes 5 seconds and can be done once on any "Binance login page" where you are unsure of its authenticity.
3. Four recommended ways to safely enter Binance
Method 1: Browser bookmarks
After confirming you are on binance.com for the first time, press Ctrl+D (⌘+D on Mac) to save it to your browser bookmarks. After that, always enter from the bookmarks, and no longer manually input or search. This is the most recommended method.
Method 2: Manual input
Input binance.com character by character in the address bar and hit Enter. Avoid copying and pasting keywords like "Binance website" into the address bar to search.
Method 3: App QR code login
Users who have the official Binance App installed on their phones can open the app → tap the "Scan" icon in the top left corner of the homepage, and scan the QR code on the computer screen's Binance login page to complete the login. In this method, the account password and 2FA are not inputted on the computer keyboard, making it completely immune to phishing sites.
Method 4: Use a hardware security key
Hardware keys like YubiKey support the WebAuthn protocol — it only sends authentication signals to the real Binance, and will refuse to operate when encountering a phishing site. This is currently the most reliable way to counter phishing, but requires purchasing an extra key (around $45 USD).
4. What to do if you accidentally click into a phishing site
If you suspect you have already inputted your password or verification code on a phishing site, follow the steps below to handle it, the faster the better:
- Immediately switch to a known safe device (another phone or computer) to open the real Binance official website.
- Reset the login password — choose a completely new password you have never used before.
- Close all current active sessions: Account → Security → Device Management → "Log out of all devices".
- If you have enabled API, delete all API keys.
- Set up the anti-phishing code again (the phishing site might have already recorded the old code).
- Check the login records and withdrawal records within the past 1 hour; if there are abnormalities, immediately submit a ticket through customer support.
After completing the above steps, even if the attacker got your old password, they can no longer log in. If funds have already been transferred away, immediately contact Binance customer support to submit a stolen account appeal, providing the abnormal login IP time and transaction hash as evidence.
5. Ways Binance will never contact you
This is a crucial part of anti-phishing awareness training. The official Binance will never:
- Request you to provide your password or 2FA verification code via phone, WeChat, QQ, or Telegram direct message.
- Send SMS or emails asking you for "emergency verification" or "account abnormality, click this link immediately to verify".
- Require you to transfer assets to a so-called "safe account" or "customer support escrow account".
- Airdrop unidentified tokens to you and ask you to go to a certain page to "activate" them.
- Dispatch "customer support" to proactively add you as a friend, claiming they can help you "lift restrictions".
If any of the above situations occur, it is a 100% scam. Legitimate Binance customer support only communicates with you through the internal ticket system (the "Help" entry on the website or within the App) and will not proactively contact you through any external channels.
Frequently Asked Questions
Q: Can the Binance website be accessed directly in mainland China? A: binance.com is restricted from access in mainland China and requires a stable overseas network to visit. But this doesn't mean there are "accessible Binances" in the country — precisely because the main site is inconvenient to access, it leaves room for phishing sites to survive, and people end up searching for "accessible Binance website", making them easily scammed by clone sites.
Q: Are binance.info, binance.asia real as well? A: These are mirror domains activated by the official Binance, which are equally safe. But before using them, be sure to verify them on the "Official Domain List" page in the Binance Help Center, rather than listening to hearsay. This site's "Mirror Domains" category continuously syncs official announcements.
Q: If I haven't bookmarked it, do I have to manually input it again next time? A: You can also directly visit any article on this site and click the official link inside to jump to Binance — all redirects on this site point to the official binance.com domain and there are no intermediary transfers.
Q: Is it normal to see differences in the Binance interface on iPhone browsers and Mac? A: Normal. Binance pushes different layouts based on device types, and the mobile end uses responsive design. As long as the main part of the domain is binance.com, it is safe; interface differences do not affect authenticity judgment.