🔍

How to Verify Market Mirrors

Anti-Phishing Guide | December 28, 2024

The Phishing Threat

Phishing sites are the #1 security threat on darknet markets. Fake mirrors steal login credentials and cryptocurrency from unsuspecting users. Markets like Torzon, Nexus, and Kerberos maintain multiple mirrors, making verification crucial.

Verification Methods

1. PGP Signed Mirror Lists

  • Markets publish mirror lists signed with their PGP key
  • Verify signature matches official public key
  • Never trust unsigned mirror lists
  • Save verified PGP key fingerprint offline

2. Multiple Trusted Sources

  • Cross-reference mirrors from 3+ independent sources
  • Use established forums (Dread, Dark.fail)
  • Check our verified market comparison
  • Never rely on single source

3. Onion Address Format

  • V3 onions: 56 characters ending in .onion
  • Memorize first/last few characters of real address
  • Phishing sites often use similar-looking addresses
  • Example: torzon7x...abc.onion vs torzon7y...abd.onion

Red Flags of Phishing Sites

  • ❌ Asks for 2FA backup codes
  • ❌ Requests deposit before login
  • ❌ Different layout/design than usual
  • ❌ Unusual error messages
  • ❌ Captcha on every page
  • ❌ Suspiciously fast loading times

Best Practices

  1. Bookmark verified mirrors in Tor Browser
  2. Use unique passwords for each market
  3. Enable 2FA on all accounts
  4. Test with small amount first if unsure
  5. Never enter mnemonic/seed phrases on any site
  6. Verify PGP signatures on all official communications

Market-Specific Verification

Torzon Market

Publishes PGP-signed mirror list updated weekly. Verify against official PGP key: ABCD 1234 EFGH 5678

Kerberos Market

Uses canary system - check canary.txt file for recent signature. Updated every 48 hours.

Nexus Market

Mirror verification via blockchain-anchored hash. Check official Dread subdread for latest hashes.

If You've Been Phished

  1. Immediately change passwords on real site
  2. Enable/reset 2FA
  3. Withdraw all funds to new wallet
  4. Report phishing site to community
  5. Monitor for unauthorized transactions

Trusted Verification Resources

  • Dark.fail - PGP-verified mirror directory
  • Dread Forum - Community-verified links
  • Our homepage - Regularly updated mirrors
  • Market PGP keys - Save offline for verification

Stay Safe from Phishing

Always verify mirrors through multiple trusted sources. One mistake can cost you everything.

Read Security FAQ