Searching "Binance official" on a search engine often returns a dozen or more results. The only real official entry is binance.com. Many other results are phishing sites optimized to the first page via SEO, or sites that paid for keyword ads. This article breaks down the characteristics of fake sites across three main techniques — search ad slots, Punycode character spoofing, and prefix/suffix domain disguise — so you can tell real from fake at a glance. For quick entry to the real site, use the Binance Official Site or the Binance Official App. For mobile installation issues, refer to the iOS Install Guide.
Search Ad Slots Are the Hardest Hit by Fake Sites
The "Official" Label on Ad Slots Means Nothing
Google, Bing, and Baidu ad slots label results as "Sponsored" or "Ad," but the ad system only vets the advertising account — not whether the domain is truly official. As long as the bid is high enough, anyone can make their phishing site show up at the top of search results. Historically, Binance phishing sites have occupied ad slots for long stretches more than once.
Ad Link URLs Go Through Redirects
Clicking a phishing ad passes through a tracking redirect chain. The real landing domain may be something like binance-login.cc or binance-official.io — clearly wrong addresses. But because the redirect is fast, users often don't notice before they're already typing their password.
The Identification Method Is Simple
When you see any "Sponsored/Ad" label in search results, skip it and scroll down to the organic results. The first result starting with binance.com in the organic results is the official one. A safer approach is to type binance.com directly into the address bar.
Punycode Is the Most Insidious Spoofing Technique
What Is Punycode
Punycode is a standard that converts Unicode characters (like Chinese, Russian, or Greek letters) into ASCII-displayable domains. For example, xn--80ak6aa92e.com can display in Chrome as "аpple.com," but that "а" is not the English "a" — it's the Cyrillic letter а.
Spoofing Cases Targeting Binance
Historically, spoofing domains like bіnance.com (the "i" is the Cyrillic letter і) and binаnce.com (the "a" is the Cyrillic letter а) have appeared. To the naked eye they look exactly like binance.com, but they are completely different domains — not Binance's assets.
How to Identify
- Copy the entire URL from the browser address bar and paste it into a plain-text editor or Notepad to view. Punycode displays in plain text as the ASCII form starting with xn--, immediately revealing itself.
- Chrome and Firefox have built-in warnings for mixed-script domains. If the browser pops up a "the domain you're visiting may be spoofed" alert, never ignore it.
- Develop the habit of only entering through bookmarks, and you won't fall into this kind of character spoofing.
Prefix/Suffix Disguise Techniques
Hyphen Disguise
Hyphenated domains like binance-login.com, binance-app.com, binance-vip.com, and binance-official.com are 99% non-official. Binance officially only uses binance.com and a few backup domains announced officially (binance.info, binance.bz, etc.). It never uses hyphenated second-level domains as login entries.
Subdomain Disguise
Structures like login.binance-safe.com or user.binance-account.net place "binance" in the main domain rather than the subdomain. They look like sub-sites, but the main domain binance-safe.com itself is registered by someone else. The real Binance subdomain structure should be accounts.binance.com, www.binance.com — the main domain is always binance.com.
Top-Level Domain Replacement
Domains with TLD replacement like binance.net, binance.org, binance.vip, binance.top, and binance.cn mostly do not belong to Binance officially. Only binance.com, binance.info, binance.bz, and binance.us are Binance's official formal assets.
Real vs. Fake Comparison Table
| Feature | Real Official | Common Fake Site Traits |
|---|---|---|
| Domain | binance.com | binance with hyphen / letter swap / TLD swap |
| Certificate | Issued by trusted CA | Self-signed, expired, subject mismatch |
| Page footer | Complete company info, support, terms | Missing info or sloppy copy-paste |
| Support entry | Redirects to support.binance.com | Redirects to fake support or Telegram group |
| App download | Points to binance.com/download | Points to third-party cloud drive or APK site |
| Assets after login | Synced with app | Page stalls or redirects after login |
Protective Habits When Searching
Only Enter Through Bookmarks
As soon as you confirm the official site the first time, bookmark it and always enter through the bookmark going forward. This is the single most effective habit against phishing, more useful than installing any browser extension.
Turn On "HTTPS Only" Mode
Chrome, Edge, and Firefox all have an "Always use HTTPS" toggle. After enabling it, the browser forcefully warns on any non-HTTPS page. Phishing sites sometimes don't bother configuring HTTPS certificates or use self-signed ones. Turning on this feature blocks a batch of them.
Enable the Anti-Phishing Code
After logging in to Binance, set an anti-phishing code (usually 3-4 letters or digits) in "Security Center." Afterward, all official emails from Binance will show this code at the header — phishing emails won't have it. This is a key tool to help you identify phishing emails.
Don't Log In on Public Wi-Fi
Public Wi-Fi at airports and coffee shops may have DNS hijacked by a man-in-the-middle. When you type binance.com, it resolves to the attacker's server. If cellular data is available, don't use public Wi-Fi to log in to Binance. If you really must, open a VPN first.
Frequently Asked Questions
Is the First Result on Baidu Search Official?
Not necessarily. The top of Baidu search results is often a paid ad slot, and the real binance.com may be pushed to the second screen. Habitually skip the ads and look for the first link ending in binance.com in the organic search.
What Should I Do If I Clicked Log In on a Phishing Site?
Immediately do three things: change your password on the real official site, disable and re-bind 2FA, and check whether API keys have abnormal permissions. Then log in to your email to view recent login notifications and see whether the attacker has already tried to sign in.
Can I Fully Trust the "Secure" / Lock Icon in the Browser?
The lock only indicates HTTPS transport encryption — it does not mean the domain itself is official. Phishing sites can equally well configure valid Let's Encrypt certificates to show a lock. The lock only proves the connection is encrypted, not that the identity is real.
Can I Confirm the URL via Customer Service Phone?
Binance has no Chinese customer service phone number publicly for mainland users. Anyone claiming to be Binance customer service, calling you or adding you on WeChat, should be highly suspect. Official support is only provided through tickets and web chat at support.binance.com.
Are Third-Party Directory Links Trustworthy?
Relative trustworthiness depends on the directory site itself. Non-industry-well-known directory sites are not recommended. Phishing sites often buy out or disguise themselves as directory sites. The safest bet is still to save your own bookmarks.