Search "Binance" and at least a dozen sites will appear on the first two pages that look identical but have different domains. Ordinary users can stare at them for ages and still not be able to tell. Rather than obsessing over page appearance, switch angles: use three independent chains of evidence — compliance licences, domain registration information, and the mapping to real-name KYC — to cross-check. The moment any one link does not match, the site can be judged a fake. After confirming the official entry point, registering a Binance account or downloading the Official App feels much more settled.
Why Looking at the Page Alone Is Useless
An imposter can copy an entire front-end with just a right-click "Save page" or by scraping the code using browser dev tools — ten minutes, done. Some even do two-way synchronisation: the front-end looks just like Binance, while the back-end secretly relays your username and password to the real site in real time, making you "appear to log in successfully" even though your two-step code has already fallen into the scammers' hands.
So using your eyes to check whether the risk banner is present, what the captcha looks like, or where the support icon is placed is unreliable. The truly reliable approach is to find things imitators cannot copy — the legal ownership of licences, the WHOIS history of the domain, and your own KYC data within the account.
Evidence Chain One: Cross-Checking Compliance Licences Across Jurisdictions
The Binance group holds financial regulatory licences in many jurisdictions worldwide, and the company names and licence numbers are publicly searchable. The real official entry point always lists these licences in its footer or legal disclosure page; an imitation either copies licence numbers incorrectly or omits them entirely.
A Few Jurisdictions You Can Cross-Verify Against
- France AMF (Autorité des marchés financiers): Binance France SAS holds a DASP registration, with its number searchable on AMF's registry
- Italy OAM: Binance Italy S.R.L. is registered in Italy's virtual-asset operator registry
- Bank of Spain: Moon Tech Spain S.L., as Binance's Spain entity, is registered with Spain's central bank
- Dubai VARA: Binance FZE holds a virtual-asset service licence
- Bahrain CBB: Binance Bahrain BSC(c) is a Middle East headquarters-level regulated entity
- El Salvador: Binance El Salvador S.A. de C.V. holds a digital-asset service licence
- Poland MSWiA: Binance Poland Sp. z o.o. has completed virtual-asset service registration
How to Use This Chain
Open a site claiming to be Binance, scroll to the footer, and look for a section like "Legal Disclosure", "Legal & Compliance", or "Regulatory License". Copy the full company name of any one licence (for instance "Binance France SAS") and look it up on the corresponding regulator's official site. If it matches — at least this site does have a Binance-affiliated entity registered in that jurisdiction. If it is nowhere to be found — close immediately.
Imposters cannot obtain real licence information, because every licence corresponds to a real company, with registrations for commercial records, addresses, legal representatives, and registered capital. A WHOIS lookup cannot produce any of those.
Evidence Chain Two: Domain Registration Information and SSL Certificate Subject
The WHOIS information for the real www.binance.com is partly masked by privacy protection, but two details imposters cannot bypass:
Registration date: binance.com was registered in 2017. Any "binance"-related domain whose WHOIS shows registration in the last year or two can basically be classified as an imitation. The lookup method is to visit who.is or whois.com and enter the full domain.
SSL certificate subject: click the padlock in the browser's address bar → "Certificate is valid" → view certificate details. The real binance.com certificate's O field (Organization) should be Binance Holdings Ltd or a wildcard certificate issued by a major CDN like Cloudflare. Impersonators use either free Let's Encrypt certificates (whose issuer and subject information are thin), or certificate subjects that are not Binance-related entities at all.
The Real Official Domain List
Binance's compliance entities around the world each have a regional site, all official:
- Global main site: binance.com
- US site: binance.us (independent operating entity BAM Trading Services)
- Japan site: binance.com/ja-JP (operated by Binance Japan K.K.)
- Singapore: binance.sg (operations ceased)
Anything not on this list — regardless of how similar the suffix is (.co, .io, .vip, .xyz, .net, .live, .finance, etc.) — is not an official entry point.
Evidence Chain Three: The One-Way Correspondence of KYC Real-Name Data
This is the hardest-core evidence, and one that imposters can never forge — the real Binance back-office contains only your own KYC information, no one else's.
What does this mean? You completed real-name verification on Binance, uploaded your ID, and filmed a face video. That material is encrypted and stored in Binance's compliance database and is mapped one-to-one with your account. Even if a scammer has your username and password, once they log in to the real site:
- If they try to withdraw — risk control triggers, comparing the usual device, IP, and the withdrawal address whitelist
- If they try to change the email — the original email has to be verified + face recognition + a 24–72 hour wait
- If they try to reset 2FA — face verification is required, compared against the archived KYC video
How to Use This Evidence to Reverse-Verify the Official Entry Point
After logging in to a site whose authenticity you are unsure of, go to "Account" → "Identity Verification" and see whether the displayed name, ID number, and verification time are your own. If those fields are empty, blurry, or show someone else's information, you are not logging in to the real Binance — because the real site stores your real-name archive.
Conversely, this is why many veteran users prefer entering from a bookmark every time rather than re-searching on a new device: the KYC archive in your account is the ultimate litmus test, translating the question "Is this website real?" into "Does this website know who I am?"
How the Official App Corresponds
The verification approach for the app is the same as for the website, only the medium differs:
Android: the official package name is fixed at com.binance.dev. After installing, go to "Settings → App Management → Binance → App Info" to see the package name. Any other package name (such as com.binance.app or com.binancev2.dev) is an imitation. The SHA-256 fingerprint of the signing certificate is publicly announced in Binance's developer documentation and can be verified with the apksigner command.
iOS: on the App Store, the developer account must be Binance Inc. (US region) or Binance Japan K.K. (Japan region). Any "Binance" app not published by these two Apple Developer accounts is an imitation, no matter how similar the icon and screenshots look.
APK download channel: obtain it only from www.binance.com/en/download or a link on this site. After downloading, the APK file should be between 80 and 120 MB — anything smaller or larger warrants caution.
FAQ
Why is the first search result for "Binance" always a site I do not recognise?
Top search-engine entries are often paid ad slots. Scammers buy ads on the "Binance" keyword and push imitation sites to the most visible position. The habit to form is: never enter any exchange from search results. On your first visit to the official site, once verified, bookmark it immediately, and thereafter always go through the bookmark.
Does Binance have an official site for mainland China?
No. Mainland China is not among the compliance-operation regions for Binance globally. Any independent domain claiming to be the "Binance China official site", "Binance Mainland Edition", or "Binance Simplified Chinese Official Site" is counterfeit. Binance's global main site binance.com offers a Chinese interface — that is the proper entry point for Chinese-speaking users.
How do I know the licence information I look up is real?
Every country's financial regulator has a public search tool. Taking France's AMF as an example, visit amf-france.org, find "Actors database" in the top menu (or "主体数据库" in the Chinese interface), and enter "Binance France SAS" to see registration details — including registration date, business scope, and legal representative. All of this information is publicly disclosed by the government and cannot be forged.
I already entered my username and password on an imitation site — will my assets be stolen instantly?
Not necessarily instantly, but the window is very short — typically minutes to hours. After obtaining your credentials, scammers immediately try to log in to the real site and then pursue several possibilities: direct withdrawal (if you have not enabled the withdrawal address whitelist and 24-hour waiting period), harvesting all your API keys, or rebinding the email to gain long-term control. Immediate actions: from a different device, go through your bookmark to the real site → change password → disable all APIs → check the withdrawal address whitelist → contact customer service to freeze the account.
Why do some "Binance" sites still show normal market data?
Because market data can be pulled for free through Binance's public WebSocket endpoints. An imitation site can call this endpoint directly and display BTC and ETH prices in real time. Normal market display does not mean the site is real — the imitation's core goal is to steal your login credentials, not to display prices.
How do I use the Binance Verify tool?
On the Binance main site's search bar or footer, find the "Binance Verify" link. Once inside, you can input an email address, phone number, Telegram account, Twitter account, URL, etc., and the system tells you whether the information belongs to Binance official. If the result says "not found" or carries a warning, the information is very likely an imposter.
I saw a promotional pop-up in the Binance app asking me to click a link — is that official?
In-app promotional pop-ups are indeed official pushes, but do not leave the app after clicking the pop-up — if the pop-up redirects you outside to an external browser and asks you to re-log in or connect a wallet, it may be a contaminated promo page or a malicious overlay. Legitimate events are completed entirely within the app, and do not require you to re-enter your credentials in an external browser.
Can I trust "Binance" links recommended by family or friends?
Not unconditionally. Even a close friend may themselves be a phishing victim, and the link they share with you might be an imitation site with referral parameters. Any link received via chat, email, SMS, or social media must go through the three evidence chains above before you decide whether to use it.