You can't tell a real exchange from a fake one by how the page looks — the only thing worth checking is that whole line of text in the address bar. Paste the URL or domain you're about to open, and this tool compares it character by character against the official domains of a few known major exchanges, then tells you whether it's an exact match, not on the list, or "close but not identical."
Let's be clear first: this is a string check, not a safety certification
This tool does exactly one thing — it checks whether the domain you enter matches the string of one of the official exchange domains we know to be real. It cannot tell you whether an unfamiliar site is genuine or safe, and it is not a certification or guarantee. The result is an educational hint only. Always defer to each exchange's official announcements and to your own verification.
Works with full URLs that include https://, a path, or www — the tool extracts the main domain before comparing. Everything runs locally in your browser; nothing is uploaded.
Known official domains for reference
Below we list only the official main domains of a few major exchanges that we've confirmed to be real, as a reference for checking. An exchange not listed here isn't necessarily illegitimate — it's just not in this tool's built-in list. When you run into one, go back to that exchange's official channel to verify.
| Exchange | Official main domain | Note |
|---|---|---|
| OKX | okx.com | Defer to OKX's official announcements |
| Binance | binance.com | Defer to Binance's official announcements |
| Coinbase | coinbase.com | Defer to Coinbase's official announcements |
| Kraken | kraken.com | Defer to Kraken's official announcements |
| Bybit | bybit.com | Defer to Bybit's official announcements |
Note: exchanges sometimes run regional sites or subdomains; defer to each exchange's official announcements for specifics. This table lists main domains only, for educational checking — it's not a certification or endorsement of any platform.
The 5 domain tricks scammers use most
A page can be cloned pixel for pixel, but a domain can't be — a scammer can only use one that "looks like" the real thing. Here are the tricks to watch for most closely when you check (the fake domains below are illustrations of the technique, not real sites):
| Trick | Example | How to spot it |
|---|---|---|
| Lookalike spelling | 0kx.com (digit 0 posing as the letter o) | Compare character by character — especially o/0, l/1/I, rn/m |
| Subdomain disguise | okx.account-login.com | The part right before the last dot is the real main domain |
| Suffix variants | okx.net / okx.co / okx.app | Memorize the official suffix (OKX uses .com) |
| Added words | okx-official.com / login-okx.com | The real main site won't add words like official, login, or vip |
| Homoglyphs | A Cyrillic о swapped in for the Latin o | Don't trust your eyes — let a bookmark or password manager match it for you |
For the full breakdown of these five tricks, and what to do if you've already been steered onto a fake site, see cloned phishing sites and fake exchanges.
Why checking the domain is your first defense against fake sites
The hardest thing about a fake exchange is precisely that it doesn't win by slipping up — the page, the logo, the color scheme, the price tickers can all be copied one to one, and you could stare at the screen all day without spotting the flaw. The one giveaway a scam can't hide is the address it runs on: it can't use the real official domain, only a lookalike that you'll wave through if you don't look closely. That makes "check the full domain" almost the only move that needs no technical skill yet reliably exposes a fake site. Get into the habit of glancing at the address bar before you enter a site, and you've added a near-zero-cost line of defense.
The little padlock (HTTPS) does not mean safe
Many people relax the moment they see a "padlock" in the address bar. But that lock only means the connection between you and the site is encrypted — any website, including a fake one, can get an HTTPS certificate for free. Having the lock has nothing to do with whether it's the official site. To judge real from fake, still only check whether the full domain is correct. The FTC's guidance on phishing scams and FINRA's investor alerts on crypto-asset scams make the same point: a familiar-looking address bar isn't proof of anything.
If you do land on a fake exchange or phishing page, report it. In the U.S., file with the FTC at ReportFraud.ftc.gov and, if you lost funds, with the FBI's Internet Crime Complaint Center (IC3) — your report helps get lookalike domains taken down faster.
The best habit: don't check by eye every time
Checking a domain character by character is a fallback, but eyes get tired and can be fooled by homoglyphs. The truly low-stress approach is to lock down how you enter a site, so you don't give yourself the chance to check at all:
- Once you've confirmed the official domain the first time, bookmark it immediately and only ever enter from the bookmark — no more searching, no more clicking links other people send you.
- Use a password manager: it only autofills your username and password when the domain matches exactly, and stays silent on a fake site — which is effectively a precise domain check done for you.
- Install mobile apps only from the Apple App Store or the exchange's official download page, never an installer someone sends you.
- Treat any DM about "the official site moved" or "here's the latest backup address" as a scam by default — a real platform changes domains through official announcements, not by having a stranger notify you.
How does this tool decide, behind the scenes?
The logic is simple and runs entirely in your browser. The tool first strips out the protocol (https://), path, query, port, and so on from what you type, and extracts the main domain. Then it compares that main domain against the built-in list of official domains in three layers: an exact match shows "identical"; if it's only very close (an extra word, a swapped suffix, or a tiny edit distance), it shows "close but not identical" with a high alert; if neither matches, it shows "not on the list" and asks you to verify it yourself. It doesn't go online, doesn't query any database, and doesn't "certify" any site — it only lays the string-level differences out for you, so you can spot something suspicious faster.
Rather than checking nervously every time, save the entry point as a bookmark from the official channel
Fake sites usually succeed because a beginner walks in through a search ad or a stranger's link on the very first step. If you're planning to start trading, go straight to a major, reputable exchange through its official channel and then bookmark it. OKX is one such mainstream exchange, and its official domain is okx.com.
Related reading
- Cloned phishing sites and fake exchanges — the full breakdown of the 5 domain tricks.
- How to tell whether an exchange is legit — includes an official-domain checklist.
- Scam self-check — run it when you can't tell whether the whole thing is a scam.