Are all Binance domains with 'cn' or 'china' fake? An Identification List
- Why Won't There Be Any Official Domains with 'cn'
- Samples of Common Fake Domains
- Four-Step Identification Method
- What Happens After Entering Your Account Info
- Similar Dangers from Fake APPs
- Group Members, Customer Service, Ads: Which is the Most Dangerous?
- What to Do If You Have Already Logged into a Fake Site
- FAQ
- Further Reading
"Is the official Binance Chinese website binance-cn.com?" "A friend sent me chinabinance.org, can I log in?" These are questions asked almost daily in QQ and WeChat groups. To give the conclusion directly: Binance has never registered any official domains containing the words cn, china, or chinese. Any so-called "Binance Chinese Site" using such suffixes is 100% a phishing scam. This note compiles an identification list. To access the official gateway, please directly open the Binance Official Website; to download the app, go to Binance Official App; for iPhone installation, refer to the iOS Setup Tutorial.
Why Won't There Be Any Official Domains with 'cn'
Following the "September 4th Announcement" in 2017, Binance voluntarily withdrew from the mainland Chinese market and has not established any physical offices or operating entities in mainland China. From a compliance perspective, Binance officially will not register any domains that imply to Chinese users that there is an "official Chinese branch"—once registered, it would constitute factual evidence of "conducting business aimed at mainland China," which contradicts Binance's consistent public stance of "not providing services to users in mainland China."
Therefore, any domains you can think of like binance-cn.com, cn-binance.com, binance.cn, or binancechina.com can only be registered by someone else, and the registrants are absolutely trying to use the guise of "official Chinese branch" for fraud or gray-market traffic diversion.
Samples of Common Fake Domains
The table below lists the counterfeit domains I have seen over the past two years (the real TLDs have been removed to prevent clicking), for identification reference only:
| Counterfeit Pattern | Examples (Desensitized) | True Identity |
|---|---|---|
| binance + cn suffix | binance-cn.x, binance-cn.y | Phishing / Account Theft |
| cn + binance | cn-binance.x, cnbinance.y | Phishing / Account Theft |
| china + binance | chinabinance.x, china-binance.y | Gray Market Traffic Diversion |
| binance + numbers | binance365.x, binance88.y | Copycat Exchange |
| Pinyin variants | bian-an.x, bianan.y | Private Sale Scam |
| Registered with "Binance" Pinyin | bian-an-cn.x | Phishing + Copycat |
| Chinese character string | xn--[Binance]-x.com | IDN Homograph Attack |
Whenever you see any structure like the ones above, no matter how real the page looks, they are all fake. Close your browser immediately and do not enter any account or verification code.
Four-Step Identification Method
Step 1: Check the top-level domain suffix. The only legitimate suffixes currently used by Binance officials are .com, .info, .bz, .us, .co.jp, and .kr. Any other suffix (such as .cn, .org, .net, .cc, .xyz, .top) is an imposter.
Step 2: Check the prefixes and suffixes around the word binance. In a real domain, binance is always a standalone word, separated only by a . or /. If there is a hyphen (binance-, -binance), it is 99% fake.
Step 3: Check the issued entity of the SSL certificate. Click the small lock in the browser address bar to view the certificate; the organization name it is issued to must be Binance Holdings Limited. Fake sites either use Let's Encrypt self-signed certificates with no organization name, or they don't enable HTTPS at all.
Step 4: Check if the internal links on the page are consistent. All internal links on a real Binance site will point to the same domain or accounts.binance.com. Fake sites frequently have internal links pointing to other unfamiliar domains (used to siphon off account passwords).
What Happens After Entering Your Account Info
If you accidentally enter your account and password on a fake site, several things will happen:
- After submitting the form, the page will pretend to redirect to a "Login Failed" or "Network Error" message.
- Your account and password have already been recorded by the scammers.
- The scammers will attempt to log into the real Binance using this password set within minutes to hours.
- If you do not have 2FA enabled, your assets will be withdrawn immediately.
- If you do have 2FA enabled, the scammers might continue using phishing SMS or fake customer service calls to obtain your verification code.
Emergency Response: Immediately go to the real official website to change your password, check your API Keys, and force logout all devices. If you find assets missing, report the incident to Binance customer service immediately, and then report it to the local public security cyber police.
Similar Dangers from Fake APPs
Besides web phishing, the other most common use of fake domains is to guide users to download a fake APP. Common rhetoric: "Dedicated APP for Chinese users, please visit binance-cn.x to download." The so-called Binance.apk you download is actually a Trojan shell; once installed, it reads your clipboard (to steal USDT withdrawal addresses), reads your photo album (to steal KYC photos), and logs your keystrokes (to steal passwords).
A key indicator to judge the authenticity of an APK is the package name: the official package name is fixed as com.binance.dev, while fake package names are usually com.binancecn.x, com.binance.china, etc. Check the APK information using a file manager before installing.
Group Members, Customer Service, Ads: Which is the Most Dangerous?
Ranked by risk:
- Impersonating customer service via private message: Highest risk. Real Binance never initiates private messages for customer service; all customer service is done solely within the chat window in the APP or on the website.
- Sharing APKs in group files: High risk. The file might have been replaced with a Trojan.
- Baidu Promotion / Google Ads: Medium risk. SEO campaigns for fake sites are common; look out for results marked with "Ad."
- Links recommended by friends: Low risk, but you still need to verify the domain suffix.
Reject any "customer service" that asks you to click a link, scan a QR code, or log in to confirm.
What to Do If You Have Already Logged into a Fake Site
Take immediate action in the following order:
- Open the real official binance.com and reset your login password using the same email.
- Immediately enable or reset your 2FA after resetting your password.
- Check "Device Management" and force log out of all unrecognized devices.
- Check "API Management" and revoke any unauthorized API Keys.
- Check your withdrawal history for the past 24 hours. If you find any suspicious withdrawals, immediately contact official customer service to freeze your account.
Time is of the essence; the faster you act, the smaller the loss.
FAQ
Q: Is the domain binance.cn official Binance? A: No. .cn is China's national domain, and Binance has never owned it.
Q: Can I trust the "Binance Chinese Official Website" that appears first in search engines with an "Ad" label? A: They are almost all fake ad placements. Binance officially rarely buys Chinese search ads.
Q: Can I click a "Binance Internal Testing" link sent by a friend? A: No. Binance never conducts internal testing via private links.
Q: I have already entered my password on a fake site, but my account has no money yet. What should I do? A: You still need to change your password and enable 2FA immediately. Scammers might use your account for money laundering or to contact your contacts.