The marketplace security team has issued an urgent warning following the identification of over 15 fake domains and onion addresses impersonating the platform. The phishing campaign, which appears to have begun in late February 2026, represents one of the most coordinated impersonation efforts the platform has faced to date.
Unlike previous phishing attempts that used obviously modified onion addresses, several current phishing sites use sophisticated address-generation techniques producing .onion addresses with identical prefix characters to the legitimate marketplace mirrors. The phishing sites are visually identical to the real marketplace interface, including the correct layout, branding, and login flow.
In several documented cases, users who logged into phishing sites found their real marketplace accounts accessed and funds drained within minutes of credential theft. The security team has published an updated PGP-signed announcement containing all three verified mirror addresses. Additional red flags in the phishing sites include different CAPTCHA implementations, login confirmation emails (the real platform never sends email), and unusual session behavior after login.
Users are urged to verify the PGP-signed announcement before connecting to any marketplace address. Verified onion links are listed on our marketplace access page. For a detailed guide on avoiding phishing sites, see our phishing protection guide.