Anti-Phishing & Scam Protection

Phishing is the most successful attack vector against darknet market users. This guide covers how to identify, verify, and protect yourself from fraudulent sites and social engineering.

⚠️ The Phishing Threat

In February 2026, security researchers documented 47 simultaneous Torzon phishing domains, all using SSL certificates, near-identical UI clones, and subtly modified onion addresses. These sites collect credentials and wallet deposit addresses, allowing attackers to steal both account access and any funds deposited. Phishing is the single largest cause of financial loss for darknet market users.

How Phishing Sites Work

  • Attackers register onion addresses that look visually similar to the real address (e.g. replacing 'l' with '1' or 'o' with '0')
  • They copy the entire site UI — login page, listings, everything — making visual detection nearly impossible
  • Any credentials you enter are captured, and the deposit address shown to you is replaced with the attacker's wallet address, so funds you deposit go to the attacker
  • Victims often don't discover the attack until their balance disappears
🚨 Critical Warning

A single character difference in an onion address means you are on a completely different server, potentially controlled by an attacker. There is no visual way to detect a convincing phishing clone without character-by-character address verification.

🔍 How to Verify Links

Step 1 — Source Your Links from Verified Pages Only

Only use onion addresses from our Enter Marketplace page, which cross-references all links against PGP-signed canary posts. Never use links from:

  • Social media (Twitter, Reddit, Telegram)
  • Forum posts or private messages
  • Search engine results
  • YouTube videos or tutorials
  • Links shared in chat groups
  • Other darknet sites or wikis

Step 2 — Character-by-Character Verification

After copying an onion address, paste it into a text editor and compare it character by character against the address published here. All legitimate Torzon addresses begin with "torzon" and are exactly 56 characters long (including ".onion"). Any deviation is a phishing attempt.
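Step 2 as an added example (not part of the original guide): a position-by-position comparison of a pasted address against a trusted copy, which also flags characters outside the lowercase base32 alphabet (a-z, 2-7) that onion labels are encoded in. The `TRUSTED` address is constructed for illustration, and the function names are hypothetical.

```python
import unicodedata
from itertools import zip_longest

# An onion label uses only the lowercase base32 alphabet (a-z, 2-7).
BASE32 = set("abcdefghijklmnopqrstuvwxyz234567")

# Constructed sample address for illustration; not a real service.
TRUSTED = "examplelo" + "a2b3c4d5" * 5 + "qrstuvw" + ".onion"


def compare_onion(candidate: str, trusted: str) -> dict:
    """Compare a pasted address with a trusted reference, position by position."""
    cand, ref = candidate.strip().lower(), trusted.strip().lower()
    label = cand.removesuffix(".onion")
    # Digits 0/1/8/9 and Unicode lookalikes can never appear in a genuine label.
    illegal = [(i, ch, unicodedata.name(ch, "UNKNOWN"))
               for i, ch in enumerate(label) if ch not in BASE32]
    # zip_longest also exposes added or missing trailing characters.
    diffs = [(i, a, b)
             for i, (a, b) in enumerate(zip_longest(cand, ref, fillvalue=""))
             if a != b]
    return {"match": cand == ref, "illegal_chars": illegal, "diffs": diffs}


def caret_line(candidate: str, trusted: str) -> str:
    """Return a marker line with '^' under every differing position."""
    pairs = zip_longest(candidate.strip().lower(), trusted.strip().lower(),
                        fillvalue="")
    return "".join("^" if a != b else " " for a, b in pairs)


if __name__ == "__main__":
    # Constructed lookalikes of the sample address.
    samples = {
        "exact copy": TRUSTED,
        "'l' -> '1'": TRUSTED.replace("l", "1", 1),
        "Cyrillic o": TRUSTED.replace("o", "\u043e", 1),
        "valid-alphabet swap": TRUSTED[:9] + "b" + TRUSTED[10:],
    }
    for name, addr in samples.items():
        result = compare_onion(addr, TRUSTED)
        print(f"{name}: match={result['match']} illegal={result['illegal_chars']}")
        if not result["match"]:
            print("  " + addr)
            print("  " + caret_line(addr, TRUSTED))
```

The last sample shows why the alphabet check alone is not enough: a substitution that stays inside a-z/2-7 yields a well-formed address, and only the comparison against the trusted copy catches it.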

Step 3 — PGP Canary Verification

The Torzon admin team publishes a PGP-signed canary every Tuesday listing all active, verified mirror addresses. Download the canary, verify the signature against the admin public key (available on our Enter Marketplace page), and cross-reference the listed addresses before each session.

Step 4 — Bookmark on First Verified Visit

After successfully verifying an address and reaching the genuine platform, bookmark it in Tor Browser immediately. Use only your bookmarked link for all future visits. Treat any request to re-enter your credentials as a serious red flag.

🎭 Common Scam Types

Exit Scams

An exit scam occurs when a market operator abruptly disables withdrawals, accumulates maximum funds in escrow, then disappears with all user and vendor balances. Mitigation: never keep more than one transaction's worth of funds on any market. Prefer multisig escrow where available to prevent platform-level fund seizure.

Vendor Scams

After building a high reputation, a vendor switches to shipping inert materials or nothing at all, then disappears. Mitigation: use the dispute window and escrow. Never finalise early (FE) unless you have an established relationship with a very high-reputation vendor and fully understand the risks.

Fake Vendor Accounts

Attackers create accounts with names designed to resemble established vendors — using Unicode lookalike characters or minor spelling variations. Always check vendor account age, total transaction count, and PGP key fingerprint against independent sources before ordering.

Fake Admin / Support Messages

Attackers impersonate platform administrators to request fund transfers, passphrase resets, or urgent actions. Legitimate platform admins will never ask for your passphrase. Any such request is a scam. Verify all claimed admin communications against signed canary posts.

✅ Protection Checklist

  1. Get onion addresses exclusively from this page or PGP-signed canary posts
  2. Verify every character of every address before each session
  3. Bookmark verified addresses immediately after first successful verification
  4. Never use links from social media, search engines, or messaging apps
  5. Keep minimum funds on platform — only what's needed for the current transaction
  6. Use multisig escrow for all high-value transactions
  7. Never finalise early (FE) for any vendor you haven't extensively researched
  8. Verify vendor PGP fingerprints on at least two independent sources
  9. Treat any urgent message requiring immediate action as a red flag
  10. Check the PGP-signed canary every week before connecting