Anti-Phishing Guide – Nexus Darknet & Nexus Marketplace
Adversaries deploy sophisticated clones of the Nexus Marketplace and Nexus Darknet. This guide explains how to avoid phishing and protect your credentials.
1. What Is Phishing in This Context?
Phishing sites mimic the real Nexus Darknet or Nexus Marketplace. They look identical or very similar and steal your login, PIN, or 2FA. Once they have your credentials, they can drain your account. Visual inspection is not enough—phishing sites can copy the real design exactly.
2. Always Verify the URL (Onion Address)
Only use onion addresses that are signed by the official PGP key. Get the list from the official verify page or a PGP-signed message you have already verified. Never trust an onion link from:
- Random wikis or forums
- Search results
- Telegram/Discord/clearnet chat
- Unsigned “mirror lists”
Type or paste the onion address yourself after verifying the signature. Use Initialize Session only after you have confirmed the signed source.
3. Verify PGP Signatures
The real Nexus Marketplace publishes a PGP-signed message containing the current mirror URLs and sometimes a canary. Verify the signature with the official public key (from a trusted key server or the project’s clearnet presence). If the signature is invalid or the key is wrong, do not use the link. This is the only reliable way to confirm you are on the real Nexus Darknet and not a phishing site.
Signs of a Phishing Site
- URL not in the signed mirror list
- Asks for PIN or 2FA before normal login flow
- Invalid or missing PGP signature on the verify page
- DDoS protection that loops or never completes
- Link received from an unverified source
- Small typo in the onion address (e.g. wrong character)
Signs of a Verified Mirror
- URL matches the PGP-signed mirror list
- Verify page has a valid signature from the official key
- Standard login flow (username/password, then 2FA if enabled)
- No pressure to enter PIN or backup codes immediately
- You obtained the link by verifying the signature yourself
4. Use Tor Browser and Bookmark Carefully
Access the Nexus Darknet only through Tor Browser. Save the correct onion URL in your bookmarks only after you have verified it. Never click “remember this mirror” or similar on a site you have not verified. Avoid using links from email or clearnet.
5. Don’t Trust “Support” or “Admin” in Chat
Scammers impersonate support or admins on forums and chat. They will never ask for your password, PIN, or 2FA codes. The real Nexus Marketplace does not request these via chat. If someone does, it is a phishing attempt.
6. Two-Factor and Withdrawals
Enable 2FA (TOTP) on your account and keep the backup codes offline. Phishing sites often ask for 2FA or PIN immediately to capture them. On the real Nexus Marketplace, you enter 2FA at the normal step in login or for withdrawals. If the site asks for 2FA in an unusual way or before you have logged in, assume it is phishing.
7. Summary Checklist
- Get mirror URLs only from PGP-signed messages.
- Verify the signature with the official public key.
- Use only Tor Browser; never open .onion in a normal browser.
- Bookmark the correct URL after verification.
- Never enter PIN or 2FA in response to chat or unsolicited requests.
- If in doubt, do not log in—re-verify from a clean source.
For full OPSEC (including how to verify PGP and use Tails), see OPSEC Protocols. For verified mirrors, use Initialize Session after verifying the signed source.
← Back to Dashboard