nexus market — official onion gateway, verified mirror roster, PGP authenticated

This page is the canonical reference for the working Nexus Market URL in 2026. The market operates as a Tor v3 hidden service and publishes three signed onion mirrors that share the same backend through encrypted tunnels. The mirror roster below is republished here whenever the master key signs a fresh timestamp, currently on a 24 hour cycle.

The text is intentionally plain. There is no animation, no analytics, no third-party assets. Save the page if you like, the markup is small enough to keep in a local notes folder. Nothing on this gateway requires JavaScript to function except the Copy buttons, which fall back to a manual selection on a graceful degrade.

Mirror roster

Three v3 onion addresses. Each runs independent infrastructure, in a different region, behind a separate Tor descriptor. A coordinated takedown of any one mirror has no effect on the other two. Latency drift between them reflects exit routing, not load on the market.

Master PGP key

The master key has not rotated since the platform opened. Subkeys for support, vendor desk, dispute panel, and security disclosure rotate quarterly. Subkey rotations are signed by the master and witnessed independently. The master fingerprint 0A9D is the canonical authenticity check across every signed surface.

Verification flow

The four-step verification flow, run on every login. Treat any deviation as a phishing event.

If GPG returns BAD signature, abandon the session. Close the tab. Re-pull the onion from this gateway. If GPG returns GOOD with a warning that the key is not certified, the signature is still cryptographically valid. After confirming the fingerprint matches the published master, sign the key locally to silence the warning on future runs.

Access procedure

1. Pull an onion from the roster in section 1 with the copy control. Do not type the address by hand. Do not transcribe from screenshots. Do not accept it from another user.
2. Open Tor Browser pulled from torproject.org directly. Verify the installer signature. Bundles distributed by mirrors and re-uploaders are out of scope.
3. Slide the security level to Safest before loading any URL. JavaScript off, remote fonts off, media click to play.
4. Paste the onion into the URL bar. Press Enter. Wait for the login page to render fully. Do not enter credentials yet.
5. Run the verification flow in section 3 against the timestamp block on the login screen. GOOD signature ending in 0A9D is the clearance to log in. Anything else aborts the session.
6. Log in with a password generated for Nexus alone, stored in an offline manager. Never the same password as any other account.

Architecture notes

The frontend is a static bundle served from the hidden service. Every interactive component speaks to the backend through an encrypted JSON envelope. Order details, vendor messages, and shipping address blobs encrypt locally in the browser before transmission. The backend stores ciphertext keyed to the user session and the recipient public key. A leak of the database yields encrypted blobs, not plaintext.

Escrow is a 2-of-3 multisig contract on Monero, with a Bitcoin layer for legacy balances. Buyer, vendor, and platform each hold one signing key. Funds release requires two signatures. The platform key signs only in dispute resolution. There is no hot wallet, there is no pooled treasury, there is no single key that can drain a contract.

Mirrors are operated as independent hosts, not load balancers. Each runs its own Tor instance, its own descriptor publishing, and its own rate limit. Outages on one mirror do not cascade. The probe network signs availability data with a separate observer key, witnessed quarterly by independent custodians.

Currency policy

Monero is the default settlement currency. New buyer accounts onboard directly to XMR. Bitcoin remains supported only for legacy balances that predate the 2024 currency rotation. The reasoning is mechanical, not ideological.

• Bitcoin transactions are public and indexed by chain analysis vendors in real time. The footprint follows you across exchanges, mixers, and merchants.
• Monero ring signatures, stealth addresses, and ringCT hide sender, recipient, and amount. The footprint terminates at the wallet boundary.
• For a market whose entire purpose is privacy, only one of the two defaults makes sense.

Recommended wallets: Feather Wallet for desktop, Monero CLI for hardened sessions, Trezor and Ledger for cold storage. Avoid web wallets entirely. Avoid any tool that asks for a seed phrase in a browser form field.

Vendor onboarding

Apply through the in-market vendor portal after a buyer account in good standing exists. The application requires a PGP key, a vendor handle, a category list, a description, and an upfront bond denominated in XMR. The bond amount tracks category risk. It is held in multisig with the platform and refunded after the probation window or forfeit on the first confirmed scam complaint.

Vendor profiles are signed at submission. Buyer feedback is signed at the moment of leaving. Neither can be edited later. A vendor cannot cleanly walk away from a bad rating, the only path is more orders.

Reputation imports from prior markets are accepted as soft evidence in the application review. Signed feedback exports from Empire, Dream, AlphaBay, and other markets that issued cryptographic signatures shorten the probation window. They never waive it entirely.

Dispute model

Disputes are filed inside the order ticket, after the listed delivery window has lapsed and after at least one good-faith message to the vendor has gone unanswered for 48 hours. Premature disputes are dismissed without prejudice. The order ticket is the only legitimate dispute channel.

The dispute panel rotates among long-tenured staff. The same composition never sits twice in a row. Rulings are written, signed, and attached to the vendor profile permanently. There is no private deal-making with the platform, there is no reversal. The only recourse for a wrong ruling is appeal to a fresh panel within 14 days. Even on appeal the original ruling stays on the profile, only the appeal outcome is added.

Threat model

The realistic threat list, ordered by frequency observed across the operator log:

1. Phishing clones. Pixel-perfect copies of the login screen behind clearnet domains or recycled onions. Mitigation: PGP signature verification on every session.
2. Credential reuse. A password leaked from any unrelated breach gets tried against vendor and buyer accounts. Mitigation: unique passwords stored offline, never reused across markets or services.
3. Cross-market PGP key reuse. The most reliable deanonymisation vector in the wild. Mitigation: one PGP key per identity, never tied to a clearnet handle.
4. Wallet seed compromise. Browser wallets, copy-paste accidents, screenshots of seed phrases. Mitigation: hardware wallet or air-gapped CLI for any non-trivial balance.
5. Tor Browser fingerprinting. Custom resolutions, font lists, and plugin patches re-identify users. Mitigation: default Tor Browser, Safest security level, no extensions.
6. Social engineering through DMs. Telegram, Discord, Reddit. The market does not operate on any of those. Anything claiming to is impersonation.

FAQ

What is the official Nexus Market URL?

The three v3 onion addresses listed in section 1. Verify under fingerprint 0A9D before any login attempt.

How often does the URL change?

The addresses rarely change. What rotates daily is the signed timestamp that proves the gateway is current. A mirror retirement, when it happens, gets 72 hours of overlap with the new address before the old one drops.

Why is Monero the default?

Public ledger versus private ledger. Bitcoin is indexed in real time by chain analysis vendors selling to law enforcement and exchanges. Monero is not. For a market whose purpose is privacy, only one of those defaults fits.

Is there a clearnet support address?

No. Encrypted onion email only. Anything claiming to be Nexus support on clearnet is impersonation.

What if all three mirrors are down?

Tor congestion is routine. Wait five to ten minutes. If outage persists past 30 minutes, reload this gateway. The roster updates faster than the market core.

Does Nexus Market have an affiliate program?

No. If you found Nexus Market through an ad, the destination is not Nexus Market.

Is Tor Browser enough?

For most buyers yes, with Safest security and no extensions. Vendors handling shipping addresses or vendor key material should add Tails or Whonix.

Operational history

• 2023-09-14 Master key generated. Cross-signed by three independent witnesses.
• 2023-10-08 Public onion launched. Beta vendor cohort of 14 verified profiles.
• 2023-11-04 Public access opened. Mirror roster expanded to three.
• 2024-03-12 Subkey rotation ceremony. Master fingerprint unchanged.
• 2024-09-22 Currency rotation. New buyer accounts onboard directly to XMR.
• 2025-02-18 First public phishing watch update on this gateway.
• 2025-12 Quarterly key ceremony, witnesses cross-signed observer key.
• 2026-04 Current operating window. Three mirrors, one master, no breaches.

Search index

Phrases that route to this page: nexus market, nexus market url, nexus market onion, nexus market mirror, nexus market mirrors, nexus market login, nexus market 2026, nexus market 2025, working nexus market link, official nexus market, nexus market pgp, nexus market gateway, nexus market address, nexus market tor, nexus market v3 onion, nexus market reference, nexus market manpage, nexus darknet market, nexus market backup, nexus market alternative, darknet market mirrors, tor market, onion market, dark web market, gpg verify, multisig escrow, monero market, xmr market, hidden service.

---