When you switch to any mirror site of the Binance Official Website, the account remains the same—account balance, KYC status, open orders, APIs, and 2FA keys are all synced in real-time. No re-verification is required. However, due to browser cookie domain isolation, you will need to re-enter your account credentials + 2FA once during login, after which it will remain active. For those who want to avoid re-logging in via a browser, you can use the Binance Official APP or follow the iOS Installation Tutorial to install the APP client. The APP uses APIs uniformly for all mirrors, so a single login lasts indefinitely.
1. What is a Binance Mirror?
Binance's core business is concentrated on the main domain binance.com. However, to provide more stable access for users in different regions and network conditions, various mirror domains are activated by the official team or third parties (e.g., region-specific domains, partner white-label domains, CDN distribution domains, etc.). The frontend JS, backend APIs, and account databases of mirror sites are completely identical to those of the main site; essentially, they are different domain entry points for the same backend system.
Step 1: Identify if a Mirror is Official
True official mirrors will be explicitly listed in the "Help Center - Announcements" on the main site. "Fake mirrors" created by third parties often mix "binance-xxx" into the domain name; they copy the main site's frontend but send submitted data to the attacker's server, which is phishing. Official mirrors can be secondary-verified via the SAN domains listed in their X.509 certificates.
Step 2: Compare Account Systems Between Mirror and Main Site
The main site and official mirrors share the same user_id, asset ledger, and KYC profile. Switching mirrors is equivalent to using a different frontend entry point to view the same backend data; it does not create a "duplicate account" or "sub-account".
2. Sync Details Between Mirror and Main Site Accounts
Asset Layer: Real-time Consistency
Whether you place an order on the main site or a mirror, the order is written to the same matching engine. Balance changes are synced in seconds; it is impossible for the main site to show 1000 USDT while the mirror shows only 900 USDT.
KYC Layer: Real-time Consistency
Once you complete KYC Level 2 on the main site, you will immediately have Level 2 status upon logging into a mirror. No need to re-upload ID, re-perform facial recognition, or re-fill address information.
2FA Layer: Identical Keys
The TOTP key bound to Google Authenticator is account-level, not domain-level. When switching mirrors, you still use the same 6-digit dynamic code; no need to re-scan any QR code for binding. This also applies to SMS and Email OTP.
Session Layer: Re-login Required
Cookies are stored according to SameSite + Domain rules. Browsers do not send login cookies for binance.com to mirror domains; this is determined by the browser security model. Therefore, during the first switch to a mirror, you will see an empty login page and must re-enter your credentials + 2FA. Re-entry won't be required for the next 7 days.
3. Quick Comparison: Main Site vs. Mirror
| Dimension | Main Site binance.com | Official Mirror | Re-operation Required? |
|---|---|---|---|
| Account ID | Same | Same | No |
| Asset Balance | Synced | Synced | No |
| Open Orders / Positions | Real-time Shared | Real-time Shared | No |
| KYC Level | Synced | Synced | No |
| 2FA Key | Same One | Same One | No |
| Login Cookie | Main Site Only | Mirror Only | Yes, Re-login Required |
| API Key | Account-level Shared | Account-level Shared | No |
| Withdrawal Whitelist | Shared | Shared | No |
| Anti-phishing Code | Shared | Shared | No |
| Login Records | Summary Display | Summary Display | No |
Only the browser login session needs to be redone once; everything else is seamless.
4. Handling Mirror Usage Scenarios
Scenario 1: Asked for 2FA for the First Mirror Switch
This is normal. The mirror domain's cookie is empty, so the system treats it as a new login and triggers 2FA verification. As long as your original Google Authenticator or SMS OTP still works, simply enter it; do not click "Key Lost" to start the recovery process.
Scenario 2: API Key Found Invalid After Switching Mirror
The API Key itself does not expire, but many users bind their API Keys to an "IP Whitelist". The CDN exit IP might change, causing the API to return a 401 error. The correct approach is to enter the main site's "API Management" and add the mirror's exit IP range to the whitelist, or switch to a "No IP Whitelist + Strict Permissions" method.
Scenario 3: Asked for Facial Recognition After Switching Mirror
This is an abnormal signal, meaning you might not be visiting a true mirror. A true mirror will not request facial recognition again for an account that has already completed KYC. If this happens, exit immediately, clear cookies, and log in to the Binance Official Website main site to check if it's a phishing site.
Scenario 4: Withdrawal Whitelist Addresses are Missing
The whitelist address book is account-level and should theoretically be visible on the mirror. If the addresses are empty, first check if you accidentally logged into the wrong account. Case sensitivity and spaces in the email entry are treated as different accounts.
5. FAQ
Q1: Will switching to a mirror affect asset security? No, provided the mirror is official. Assets are stored in Binance's cold/hot wallet architecture, which is unrelated to the frontend domain.
Q2: Can I log into the mirror and the main site at the same time? Yes. The two domains use different cookies, effectively acting as two independent sessions that do not kick each other offline.
Q3: How do I determine if a domain is an official mirror? Search for keywords like "domain" or "access" in the "Help Center - Announcements" on the main site; a whitelist will be listed. Any domain not in the announcements should be treated as phishing.
Q4: What should the mirror site's HTTPS certificate look like? The SAN list should include the binance.com main domain or explicitly show "Binance Holdings Limited" as the organization name, issued by DigiCert or GlobalSign.
Q5: Will my anti-phishing code still be displayed after switching mirrors? Yes. The anti-phishing code is stored in account settings; all official frontends (main site / mirror / APP) will display it at the top of emails and in-site messages. An inconsistent anti-phishing code indicates a fake site.