Most guides on judging whether the Binance official site is real only teach you to look at SSL certificates, WHOIS, or ICP filings. But imposter sites can fake those fairly convincingly. The only evidence that truly cannot be forged is on-chain data. Binance's cold wallet addresses on Ethereum, Bitcoin, and BSC are public and queryable, and no mirror imposter can forge the relationship between those addresses and the real on-chain funds. This article takes the on-chain audit perspective on how to identify the Binance official site, how to verify its cold wallets, and how to use a block explorer to look up its proof of reserves. If you have an account, log in to the Binance Official Site directly. New users are advised to Download the Binance App through this site's direct link.
The Real Domains of the Binance Official Site
Currently Binance uses only two main domains globally:
- binance.com — serving users worldwide except the US
- binance.us — serving US users through the independent entity Binance.US
When Chinese-speaking users visit, the browser automatically redirects to binance.com/zh-CN based on IP. This is the only official Chinese entry point. Historical regional subsites such as binance.je (Jersey), binance.sg (Singapore), and binance.kr (Korea) have all been taken down or spun off into independent operation and are no longer part of the main site system.
Commonly imitated or misused domains:
- binance-cn.com, binancecn.net (imposter sites)
- binance.co, binance.io, binance.net (domain squatting, not official)
- Any variant with hyphens or underscores (binance-official, official-binance)
- Domains with .xyz, .top, .shop, .vip, .app suffixes (all imposter sites)
The Core Logic of Identifying Authenticity With On-Chain Data
Imposters can copy the front-end, copy the logo, copy the support chat box, but they cannot fake on-chain transactions. As the world's largest exchange, Binance leaves an unhideable trail of funds on chain. Anyone can query these addresses via a block explorer:
Binance's Publicly Disclosed Major Cold Wallets
From November 2022 onwards, Binance has implemented the Proof of Reserves (PoR) mechanism, periodically publishing some cold wallet addresses. The addresses below have been monitored by the community long-term and confirmed by Binance in multiple PoR reports:
| Chain | Address | Label |
|---|---|---|
| Bitcoin | bc1qm34lsc65zpw79lxes69zkqmk6ee3ewf0j77s3h | Binance Cold Wallet |
| Bitcoin | 34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo | Binance 7 |
| Ethereum | 0xF977814e90dA44bFA03b6295A0616a897441aceC | Binance 8 |
| Ethereum | 0x28C6c06298d514Db089934071355E5743bf21d60 | Binance 14 (hot) |
| BSC | 0x8894E0a0c962CB723c1976a4421c95949bE2D4E3 | Binance hot wallet |
| Tron | TMuA6YqfCeX8EhbfYEg5y7S4DqzSJireY9 | Binance-Peg USDT |
These addresses carry the official verified label Binance on Etherscan, Blockchain.com, BscScan and other explorers. The label is added by the explorer operators after multi-source verification, and imposter sites cannot make the explorer add this label to their wallets.
Audit Step One: Cross-Check Against PoR Reports
Visit binance.com/en/proof-of-reserves and download the latest Merkle Tree report. The wallet addresses listed in the report should overlap with the addresses labelled "Binance" on Etherscan. If the PoR page on the "official site" you are viewing points to addresses not verified on Etherscan, it is an imposter.
Audit Step Two: Inspect Individual Large Transfers
Every cold-wallet movement from Binance is announced almost in real time by on-chain detective agencies (Arkham, Nansen, Lookonchain). Open Twitter and search "Binance outflow" to see large flows in the last 24 hours. Pick any transfer at random, look up the TxHash on Etherscan, and you can see the From address is exactly one of the addresses above. No imposter site can simulate this liquidity.
Audit Step Three: Verify the Website's API Response
The real Binance official site's market-data API is served under the api.binance.com domain, and the response headers contain Binance's own CloudFront + AWS Shield fingerprints signed by Binance. In the Network panel of browser dev tools, click any request and inspect the Response Headers:
server: AwselB/2.0
x-mbx-uuid: ...
x-mbx-used-weight: ...
The x-mbx-* header fields are exclusive identifiers of the Binance API, and imposter sites cannot capture them or fake them (because doing so would require holding Binance's AWS signing permission).
Six Concrete Features for Identifying an Imposter Site
Beyond on-chain audit, several hard indicators allow immediate judgement:
Feature One: SSL Certificate Issuer
The real Binance's SSL is issued by DigiCert Global G3 or Amazon Trust Services, with the certificate subject *.binance.com issued to Binance Holdings Limited. Click the padlock on the left of the address bar → view certificate. If any of the three does not match, it is an imposter.
Feature Two: Domain Age
The binance.com domain was registered in May 2017. Query the domain at whois.domaintools.com — if the registration date falls within the last six months, it is almost 100% an imposter.
Feature Three: Page Weight
The real Binance home page loads about 4.2 MB of resources, with a single JS file exceeding 1 MB. Imposter sites typically come in at 300 KB – 800 KB because they lack the ability to replicate the entire market engine and order book WebSocket streams.
Feature Four: WebSocket Address
The real Binance pushes live market data through wss://stream.binance.com:9443. In the console, enter:
new WebSocket("wss://stream.binance.com:9443/ws/btcusdt@ticker")
You will receive real-time BTC price pushes. An imposter site either has no WS, or connects to its own forged WS whose prices do not match CoinGecko.
Feature Five: Simplified/Traditional Chinese Switching
The real Binance website supports 50+ languages, including Simplified Chinese, Traditional Chinese, Cantonese, and more. When switching language, the URL carries paths like /zh-CN/ or /zh-TC/. Imposter sites typically support only one or two languages, or the layout breaks after switching.
Feature Six: Footer Copyright Subject
Scroll to the bottom — the real Binance marks © 2026 Binance along with compliance licence information: Kazakhstan AFSA licence, Dubai VARA licence, France AMF PSAN registration number E2022-037, and so on. Imposter sites either leave this blank or write some forged vague credentials like "US MSB".
Verifying the Official Entry Point for the Binance App
The website is only one part. The official entry point for the app also benefits from the same on-chain-style verification approach:
- The signing certificate subject of the Android APK is CN=Binance, O=Binance Holdings Limited — a fake app's signing subject is garbled or a different company
- The iOS version is searchable on the US, Hong Kong, and Japan App Stores, with the developer account displayed as Binance
- On first launch the app accesses www.binance.com/bapi/ to load configuration, and the IP range of this endpoint belongs to Binance's dedicated ASN in AWS us-east-1
Download the APK via this site's maintained direct link — the signature and hash are both the official values.
Using On-Chain Evidence to Reverse-Verify the Authenticity of a Deposit Address
The same on-chain logic can be used in reverse to verify whether a "customer service" address is really Binance's. Scenario: someone claiming to be "Binance customer service" sends you an "official deposit address". In that case:
- Copy the address, open etherscan.io
- Search the address
- Check whether it carries the Binance verified label
- Check the historical transaction volume — a real Binance deposit address typically has tens of millions of dollars of daily flow
- Check the address's creation time — if it is a brand new address from a few days ago, it is 100% a scammer
All of Binance's official deposit addresses go through hot-wallet pools, are always labelled on Etherscan, and have flow history measured in years. Any address given by a "customer service" that lacks a label or has no history is a scam.
FAQ
Q1: Has Binance changed its main domain since 2026?
No. binance.com has been the only main domain since May 2017 and has never been replaced. Any message claiming "Binance has changed to a new domain" is essentially a phishing trap.
Q2: Why does opening binance.com on the mainland redirect me to binance.info?
This is a compliance redirect Binance implements for some regions. binance.info is a compliance subsite owned by Binance itself, held by Binance Holdings, and is safe to use. A WHOIS lookup shows the registrant is still Binance.
Q3: Is on-chain audit too complex for ordinary users?
The basic operations are not complex at all. Go to etherscan.io, search "Binance", and the first dropdown entry shows all officially verified Binance wallets — done in 3 seconds. Compare against the address you have at hand.
Q4: How often is the Proof of Reserves report updated?
Binance's PoR report is updated once a month, with each release covering more than 30 mainstream coins. The report includes the Merkle Tree root hash of user assets, the corresponding cold wallet addresses, and the signature of the third-party auditor (Mazars, later replaced by Armanino).
Q5: Can imposter sites fake the Etherscan label display?
An imposter site can embed a forged "Etherscan screenshot" on its own page to deceive you, but if you directly open etherscan.io in your own browser and query the address, the imposter cannot interfere with Etherscan's server response. So always look it up yourself in the browser — never trust a screenshot sent to you.
Q6: What if a "Binance official site" has no PoR page?
The real Binance keeps the PoR entry in the top navigation under "About → Proof of Reserves", always, and it has never been taken down since the first version in November 2022. If the "official site" has no PoR page, or the link returns 404, classify it as an imposter.
Q7: Are the old domains binance.zh and binance.cn still usable?
binance.zh has never existed. binance.cn was once an early test domain for Binance, retired in 2018, and currently points to unrelated content. The browser will not automatically redirect to binance.com, so treat all such domains as imposters.
Q8: What does Chrome's "Not secure" warning mean?
The real Binance is never flagged as "Not secure" by Chrome. If you visit "binance.com" and see a "Not secure" warning, 99% of the time your DNS is polluted or your local hosts file has been tampered with. In that case, change the network environment, or use public DNS such as 1.1.1.1 or 8.8.8.8 to re-resolve.