How to Avoid Phishing Sites
Phishing is the primary attack vector against darknet market users. Fake clones capture login credentials and steal deposited funds. Every link you click is a potential trap.
How Phishing Attacks Work
Phishing attacks against darknet market users operate differently from typical web phishing. Since .onion addresses are long and complex (v3 addresses are 56 characters), attackers generate similar-looking addresses and create identical visual clones of the target marketplace.
These fake sites are distributed through Reddit, Telegram, Discord, YouTube comments, and private messages — often by accounts with credible-looking history. When you log in on a phishing site, your credentials are captured instantly. If you deposit funds, they are immediately swept to the attacker's wallet.
Credential Phishing
The fake site captures your username and password when you attempt to log in. The attacker then accesses your real account and steals all deposited funds.
Deposit Address Swap
The phishing site displays the attacker's wallet address instead of your account's deposit address. Funds sent go directly to the attacker, never to be recovered.
Social Media Distribution
Fake links spread through Reddit posts, Telegram groups, YouTube comments, and private messages. Many appear to come from trusted-looking community accounts.
Search Engine Poisoning
Attackers create clearnet websites designed to rank for "torzon link" queries. These pages redirect to phishing .onion sites with fake verification branding.
4 Steps to Verify Any Link
Use Only Verified Link Sources
Only use Torzon URL sources that have been PGP-verified by the admin team. This website maintains a current verified link list. Bookmark the verified link immediately after first use and never search for it again — always use your bookmark.
Verify the PGP Signature
Cross-reference all link lists against the official PGP-signed canary. Any link not covered by a valid admin PGP signature should be treated as hostile. Use GnuPG to verify the signature: gpg --verify canary.sig canary.txt
Check Every Character of the .onion Address
Compare every character of the onion address carefully. A fake Torzon link may differ by only one character. The full v3 onion address is 56 characters — verify the complete string. Consider copying to a text editor and comparing character by character.
Never Click Unverified Links
Do not follow links from Reddit, Telegram, Discord, or social media claiming to be the Torzon Marketplace. These are almost universally phishing attempts. The only safe source is a PGP-verified canary or this trusted link page.
Signs You May Be on a Phishing Site
How to Verify PGP Signatures
PGP (Pretty Good Privacy) cryptographic signatures allow you to verify that a message was signed by the holder of a specific private key. Torzon admins publish weekly PGP-signed canaries confirming which links are official.
Install GnuPG
Download GnuPG from gnupg.org. On Linux: sudo apt install gnupg. On macOS: use GPG Suite. On Windows: use Gpg4win. Tails OS includes GnuPG pre-installed.
Import the Admin Public Key
Import the Torzon admin public key from the market's official PGP key page with: gpg --import admin_pubkey.asc. Then verify that the key fingerprint matches what's published on the market.
Verify the Canary Signature
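Download the latest canary text and its signature file. Run: gpg --verify canary.sig canary.txt. A "Good signature" result from the admin key you imported confirms the canary is authentic and the links within it are official. GnuPG reports a good signature for any key in your keyring, so check that the key it names is the admin key whose fingerprint you verified.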
Check the Canary Date
Canaries are published weekly. An outdated canary (more than 8 days old) should raise concern — it may indicate the market is under duress or that you're viewing a cached version from an untrustworthy source.
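The signature and date checks above can be combined into one scripted check. The following Python is an added example, not code from this page or from the market's admins: it reads GnuPG's machine-readable status lines, accepts a canary only when the signature comes from a pinned fingerprint, and rejects signatures older than 8 days. The fingerprint and status lines are constructed sample values, and treating the signature timestamp as the canary date is an assumption.

```python
import calendar
import subprocess
import time

MAX_AGE = 8 * 24 * 3600  # the 8-day staleness threshold stated above
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

# Constructed sample: a placeholder fingerprint and matching gpg status output.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_STATUS = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Admin (constructed)
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704103200 0 4 0 22 10 00 0123456789ABCDEF0123456789ABCDEF01234567
"""

def sig_epoch(ts):
    # gpg prints the signature time as epoch seconds or as ISO 8601 (with a 'T').
    if "T" in ts:
        return calendar.timegm(time.strptime(ts, "%Y%m%dT%H%M%S"))
    return int(ts)

def check_status(status_text, pinned_fpr, now=None):
    """Return (ok, reason) for the output of `gpg --status-fd 1 --verify`."""
    now = time.time() if now is None else now
    pinned = pinned_fpr.replace(" ", "").upper()
    valid = None
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] in REJECT:
            return False, "signature rejected: " + parts[1]
        if parts[1] == "VALIDSIG" and len(parts) >= 5:
            valid = parts
    if valid is None:
        return False, "no valid signature"
    # Field 2 is the signing (sub)key fingerprint, field 11 the primary key's.
    primary = valid[11] if len(valid) > 11 else valid[2]
    if pinned not in (valid[2].upper(), primary.upper()):
        return False, "good signature, but not from the pinned key"
    if now - sig_epoch(valid[4]) > MAX_AGE:
        return False, "canary is more than 8 days old"
    return True, "signed by pinned key and fresh"

def verify_canary(sig_path, data_path, pinned_fpr):
    # Status lines go to stdout (fd 1); human-readable text stays on stderr.
    proc = subprocess.run(["gpg", "--status-fd", "1", "--verify", sig_path, data_path],
                          capture_output=True, text=True)
    return check_status(proc.stdout, pinned_fpr)
```

Pinning the full fingerprint matters because a "Good signature" line alone only says that some key in the local keyring produced the signature.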