Home Tutorials Categories Download About Register Binance
中文 EN JA KO
Protection Center

Binance Official Domain

· About 19 min

Why Checking the URL Alone Is No Longer Enough

Identifying the official site used to rely on memorising one domain, but impersonation techniques have levelled up. Scammers buy domains with spellings close to binance (replacing the letter i with digit 1, n with m, adding hyphens in the middle), then use front-end templates nearly identical to the official site — impossible to distinguish by eye. Relying only on "look at the address bar" for judgement, you might hand over your credentials the moment you hurriedly click a search ad.

A safer approach is the inverse: do not trust the page first and log in — log in first and let Binance itself tell you whether it is the official site. Binance servers record every successful login in the "Login Devices" list. If the login you just performed is not in the account's device record, that page is not the real Binance. Treating this step as the final gate for official-site verification yields identification accuracy far higher than staring at the address bar looking for typos.

Visit Binance Verify Before Logging In

Binance offers a dedicated verification entry verify.binance.com to check whether various official resources are trustworthy. Paste the URL you intend to log in to, and it returns whether the domain is on the official whitelist. The first result in search engines, a link forwarded in a QQ group, a bookmark you have not updated in a long time — run each through Verify before logging in. This page itself could be imitated, so the correct practice is to type verify.binance.com manually rather than clicking through from search results.

After verification passes, open the login page, and at the same time glance at whether the padlock in the address bar is HTTPS, who the certificate is issued to, and whether the suffix is .com. If any of the three is wrong, close the tab and restart via Verify.

Immediately Open "Device Management" for Reverse Verification After Login

This is the critical step recommended by this site. After a successful login, go to the "Device Management" or "Login History" page in Security Center. You will see a just-happened login record with device type, browser fingerprint, IP, city, and time. This record must match the device you are on exactly.

  • Time must match to the minute
  • The browser matches what you are using (Chrome / Safari / Edge)
  • IP location aligns with your actual location
  • Login method — password, QR code, or app scan — is labelled

If you just "entered your password on the official site" but no new record appears in Device Management, the page you just logged in on did not send the request to the real Binance but to a server behind the imposter site. At that moment you must immediately change the password on the real site, reset 2FA, and check the withdrawal whitelist.

Enable "New Device Login Email Alerts" to Have Binance Proactively Raise Alarms

Go to "Security Center" → "Advanced Security" → "Account Activity Notifications" and turn on all switches for new-device login, off-location login, and abnormal API calls. Once on, any login from an unfamiliar browser or unfamiliar IP triggers an email or SMS within seconds.

The benefit for official-site identification: if a fake official site tries to relay your credentials to the real Binance to "log in on your behalf" in order to fool you (some advanced phishing does this), the real Binance treats it as an unfamiliar-device login and immediately alerts your email. If the alert contains the anti-phishing code you set, the alert itself is real. Click "This is not me" and Binance force-logs out all sessions and freezes sensitive operations.

Trusted Device List: Daily Logins Only on the Whitelist

In Binance's "Device Management" you can mark common devices as "Trusted". Once trusted, the device's login flow is smoothest and interrupted least by risk control. Logins from untrusted devices trigger additional email verification, face recognition, or even a 24-hour withdrawal cooldown.

A simple reverse-identification trick: on a device you have logged in from many times, visit the "Binance official site" and enter credentials. If the flow is identical to usual with no extra verification, it is most likely real. If it suddenly asks you to redo face recognition, resubmit ID, or "bind a new receiving address", this is not a normal login flow — it is an imposter site fishing for sensitive information. The real Binance does not suddenly ask you to resubmit KYC materials in an ordinary login.

For iOS Users, Sort Out the App Before Worrying About the Web

For iPhone users, the most stable way to identify the official site is actually the app, not the browser. The "Binance" app on the App Store is published by Binance Inc. Once installed, no matter which page you visit on the web, scanning the login QR code inside the app confirms the target is the real Binance. Detailed steps for switching Apple ID to an overseas region are in the iOS Download Guide — follow the steps there to obtain the genuine app.

After installing the app, always prefer "app scan-code login" over typing the password directly in the browser. The scan-code login request is generated by the app, the target is hard-coded on Binance servers, and imposter sites cannot intercept it. The password never appears on the web page.

Replace Search Engines With Browser Bookmarks

The first screen of search-engine ads is where imposter sites are most concentrated. Once you confirm a login entry is real via Verify, save it to your browser bookmarks bar and only enter via the bookmark thereafter, completely abandoning search-engine navigation. This single move blocks 90% of phishing risk.

Mobile browsers work the same — Safari and Chrome both let you add a page to the home screen. After adding, tapping the icon opens a fixed URL, immune to SEO poisoning in search results. Combine this with app scan-code login, and in daily use you rarely need to type binance.com manually again.

If the App and Web Disagree, Who Do You Trust?

Occasionally a situation arises: the web shows a new order but the app has nothing; or the app shows normal assets but the web shows zero. In that moment trust the app first, then immediately check whether the web domain is real. The official app and web read from the same back-end database; any obvious inconsistency means one side is not official.

Conversely, if the app alerts about an abnormal login while you are operating on the web, stop all operations immediately. Tap "This is not me" in the app, and re-log in via a trusted device to investigate.

Fixed Signals of an Imposter Site

  • No 2FA required after login, direct entry to account (the real site enforces 2FA)
  • The page asks you to upload your mnemonic or private key (the real site does not hold any on-chain wallet keys)
  • Requires you to transfer coins to a "verification address" to unlock (classic scam script)
  • Domain has suffixes like -cn, -global, or -official
  • Page prompts you to download a "client installer" rather than redirect to App Store / Google Play
  • Chat support pops up proactively claiming to help you handle an anomaly

Encountering any of these, close the page immediately — do not try to "walk through the flow to see". The real Binance official entry is at Binance Official Site Registration, and app downloads at Binance App Download.

FAQ

Q: Verify passed and the login device record matches — can anything still go wrong? Passing both layers basically confirms the site is official. Remaining risks come from malicious extensions planted on your device or clipboard hijacking — scan your browser extensions with antivirus periodically.

Q: I lost my phone, and Device Management still lists the old device — what should I do? Enter Device Management to manually delete the old device, then click "Log out all sessions" in Security Center, and set up 2FA again.

Q: Why does a re-verification sometimes trigger even on the same browser? If the browser has cleared cookies, been updated to a major new version, or you have switched IP ranges (for instance, from home to the office), Binance treats this login as a new device, and an additional verification is normal risk control.

Q: I received a login alert from an unfamiliar IP, but my password has not changed and assets are intact — is it serious? Yes. It means the password has leaked. Immediately change the password, revoke all API keys, enable the withdrawal whitelist, and audit orders and withdrawal records from the last 7 days.

Q: Can the official site's language be set to Chinese? Yes. Choose Simplified Chinese from the language switcher in the upper right. The switch is performed on the real Binance servers and does not affect domain-verification logic.

Android: direct APK install. iOS: requires overseas Apple ID
Download App Register Binance

Related Articles

How to Set Up Google Authenticator on Binance
What to Do If Your Binance Account Is Hacked
How to Set Up an Anti-Phishing Code on Binance