Phishing Protection Guide
How attackers create fake DrugHub clones, how to identify them, and the verification steps that protect your credentials and funds.
Active Phishing Threat
At any given time, dozens of fraudulent sites impersonate the DrugHub Darknet market. These sites are pixel-perfect copies that capture your username, password, and sometimes intercept XMR deposits. The only protection is PGP signature verification. See our verified links page for the authenticated DrugHub URL.
How Darknet Phishing Works
Onion Clone Sites
Attackers create visual replicas of legitimate markets and register them as V3 onion addresses. Because all .onion addresses look like random strings, users cannot visually distinguish legitimate from fraudulent addresses without verification. These clones capture credentials within seconds of login.
Fake Link Lists
Forum posts, Reddit threads, and Pastebin documents claiming to list "official" DrugHub Onion addresses frequently contain substituted phishing links. These posts often appear authoritative, include fake uptime statistics, and are promoted through sock puppet accounts.
Social Engineering
Direct messages on market platforms, Telegram channels, and Dread forums from accounts impersonating market staff. Common vectors include "account suspension" warnings with links to "resolve" the issue, fake vendor dispute notifications, and promotional offers from impersonated vendor accounts.
Redirect Chains
Clearnet sites (like this one) that redirect to phishing onion addresses rather than legitimate URLs. The clearnet site appears legitimate, building false trust before the redirect. Always verify the final .onion destination against PGP-signed link lists.
Deposit Interception
Advanced phishing sites intercept XMR deposit addresses, replacing legitimate market wallet addresses with attacker-controlled wallets. The user sees a deposit confirmation but funds are redirected. Funds stolen this way are essentially unrecoverable.
Search Engine Manipulation
Fraudulent sites targeting queries like "DrugHub URL" or "DrugHub Market link" appear in search results through SEO manipulation. Never trust search engine results for onion addresses — always use PGP-verified link directories.
How to Identify Phishing Sites
The only reliable method. Every legitimate DrugHub Darknet address release is signed with the market's private PGP key. Import the public key from our verified links page and verify the signature. A valid signature = legitimate address.
Tor Browser shows a padlock for .onion services with SSL certificates. The certificate fingerprint should match the known DrugHub certificate. Phishing sites either lack SSL or present a different fingerprint.
Phishing sites are pixel-perfect copies. The login page, market interface, and even CAPTCHA systems may be identical. Never use visual appearance as verification. A site looking "right" is not evidence of authenticity.
Fake link sites often include fabricated uptime monitors and "live" status indicators. These are trivially easy to fake and provide no authentication value whatsoever.
Confirm addresses across multiple independent PGP-signed sources. If the same address appears in multiple signed publications from the same key, confidence increases significantly.
If You've Been Phished
Immediate actions if you believe you've entered credentials or funds into a phishing site:
Do not attempt to log in again. Do not check balances. Close Tor Browser immediately to prevent any session hijacking from completing.
Any username/password combination entered on a phishing site should be considered fully compromised and must never be used again anywhere.
If you deposited Monero to an address provided by a phishing site, those funds are gone. Monero transactions are irreversible. Document the phishing address to warn the community.
Create completely new accounts with new usernames, passwords, and PGP keys. Return only to addresses verified through the PGP process described on the verified links page.
Verify Before You Connect
Access the PGP-authenticated DrugHub URL list with verification instructions, market statistics, and anonymous Tor access guide.
View Verified Links →