Searching "Binance official site" in a search engine returns dozens of results, but there is really only one true official site: binance.com, along with its few parallel domains binance.info and binance.bz. The top positions in the search results are often paid ad slots, which are frequently bought by phishing groups to impersonate the official site. The "encyclopedia pages" and "navigation sites" in the middle are mostly third-party information sites that redirect to a mix of real and fake external links when clicked. The safest approach is to manually type the domain to access the Binance Official Site, or jump via the built-in "Web Version" button inside the installed Binance Official App. First-time iPhone users are advised to first follow the iOS Install Guide to deploy the APP, and then use the APP's scan-login for all subsequent logins, completely bypassing the fog of search engines.
5 Common Types of Sites in Search Results
The content returned by search engines is not all official. The table below breaks them down in order of appearance.
| Position | Site Type | Typical Features | Safety Level |
|---|---|---|---|
| Top with "Ad" label | Paid ad slot | Domain has prefix/suffix, "Ad" label top right | Extremely unsafe |
| Results 1-3 | Encyclopedia / News sites | Baidu Baike, Zhihu, Xueqiu, etc. | Info only, do not log in |
| Results 4-6 | True official sites | binance.com / binance.info / binance.bz | Safe |
| Results 7-10 | Tutorial / Navigation sites | Third-party blogs, rebate sites | Safe if you don't log in |
| Dropdown Suggestions | Related recommendation sites | Counterfeit domains, APK download pages | Extremely unsafe |
Search engine ranking does not equal authority. Many new domains rise to the top in a short time through black-hat SEO tactics, while the official site may actually rank below position 4 due to its rigorous content structure.
Three Most Common Fake Site Tactics
Tactic 1: Punycode Chinese Domains
Punycode is a mechanism that encodes non-ASCII characters into ASCII strings to support Chinese, Russian, and other non-English domains. Phishing sites exploit visually similar foreign characters to impersonate "binance". For example, using the Cyrillic letter а (U+0430) to replace the Latin letter "a" looks identical to the naked eye, but the actual domain is xn--binnce-xxx.com.
Identification method: Copy the full address bar text into a notepad. If it starts with xn--, it's a Punycode domain—close it immediately. Chrome 104+ displays the xn-- raw form directly in the address bar, so it's recommended to keep your browser upgraded to the latest version.
Tactic 2: Prefix/Suffix Spoofing
The main body of these domains is still "binance", but with seemingly reasonable words added before or after:
- binance-login.com (Login entrance? Actually the main domain is binance-login.com)
- accounts-binance.com (Note the hyphen in the middle, not a dot)
- binance.com.download-apk.co (The final main domain is download-apk.co)
- binance.official-site.xyz (The main domain is official-site.xyz)
Browsers read domains from right to left: first the rightmost top-level suffix, then the second-level main domain. The actual ownership of these sites lies entirely after the hyphen or dot, with nothing to do with binance.
Tactic 3: Character Substitution
- b1nance.com: digit 1 replaces letter i
- binanee.com: two e's in a row replace ce
- bimance.com: m replaces in
- binancc.com: double c replaces ce
These are very easy to mistake visually, especially on small mobile screens. The way to judge is to read the domain letter by letter and compare it to the standard binance spelling.
How to Lock Onto the Real Official Site at a Glance
Step 1: Skip the Ad Slots
The very top of the search results page usually has 1-3 entries marked "Ad". Scroll directly down and look for the true site in the organic results. Baidu search ads typically come with green "Ad" text; Google uses bold "Sponsored".
Step 2: Look at Domain Length and Structure
The genuine Binance domain structure is either two-part main.TLD or three-part subdomain.main.TLD. Any binance domain with four or more parts is suspicious—for example, xx.binance.xx.com is usually a fake site.
Step 3: Click the Padlock to Verify the Certificate
After entering the page, click the padlock in the address bar and check the SSL certificate's issued subject. The genuine main site shows Binance Holdings Ltd, and binance.us shows BAM Trading Services Inc.. Any other name is suspicious.
Step 4: Verify Key Button Behavior
Click "Sign Up" on the homepage. The genuine page will redirect to the subdomain accounts.binance.com/register. If it jumps to a completely different domain (for example register-binance.net), it means you've landed on a fake site.
Step 5: Cross-Verify with the APP
Inside the logged-in Binance APP, tap "Scan" and scan the web login QR code. The genuine site's QR code will pop up full authorization info (IP, browser, time), while the fake site's QR code will cause the APP to directly report "Invalid link". This is the simplest cross-verification method.
Differences Across Search Engines
Baidu: When searching "Binance official site", the top page has about 2-3 ad slots, mostly third-party exchanges and fake sites. The real official site usually ranks 4-6, with titles ending in "Binance.com".
Google results are relatively clean, with the official site usually ranking 1-2, but some regions still push Sponsored ads. Be careful to recognize the Sponsored label.
Bing / Edge is used by about 30% of enterprise users, and search results occasionally mix in counterfeit APK download pages. Always enter only via the search result title, never click "Download" buttons.
DuckDuckGo / Startpage and other privacy search engines have fewer ads and a lower proportion of fake sites, but the official site's ranking may be unstable, so check a few results to verify.
What to Do If You've Already Clicked a Fake Site
If You Haven't Entered Any Information
If you just opened the page without entering your credentials, close the tab immediately and clear the browser cache. If you're worried, scan the download folder with antivirus software.
If You Entered Your Username and Password
Immediately log in to your account from the real official site, change your password, revoke all API keys, and in "Security" click "Log out of all devices", and enable Google Authenticator. If your account has assets, first transfer large assets to your own cold wallet or move them to a secondary account.
If You Entered a 2FA Dynamic Code
Dynamic codes refresh every 30 seconds, but the fake site may complete a one-time login using your username + password + dynamic code within seconds. Immediately log in to the real official site, reset Google Authenticator (delete the old one and rebind by scanning), and change your password.
If You Downloaded a Fake APK
Do not install it. If already installed, uninstall it via "Settings → Apps → Binance" on your phone and run a full-system scan with mobile antivirus software. Then re-download a clean installer from the real official site.
FAQ
Does Binance have an official certification badge in domestic Chinese search engines?
Yes. Some search engines have given binance.com an "Official" label, but this label is limited to only one result for the main domain. Even with the label, you should still verify the certificate and not let your guard down based on the label alone.
Why is the official site I found binancezh.com?
binancezh.com was a Chinese-language transitional domain launched by Binance in the early days, but it has since been deprecated and reclaimed. It may now be squatted by someone else—never log in on this domain.
How do I identify Punycode on a mobile browser?
Long-press the address bar to show the full URL. If you see the xn-- prefix, it's a Punycode domain—exit immediately.
How long does it usually take for a bought search ad slot to be taken down?
Once the platform discovers it, the ad is usually taken down within 24-72 hours, but before the takedown, thousands of users may be deceived every day. So the first rule is still: don't click ad slots.
Has the official source stated that the APP can only be downloaded from a specific domain?
Binance's official announcements have stated multiple times that "the APK should be obtained from the download page on binance.com". binance.info and binance.bz also provide links that redirect to the official download page, but the final source CDN domain for the downloaded file still belongs to the binance family.