TorLinks Atlas compass mark TorLinksthe Tor Market Atlas
Field manual

Reading a false trail

Phishing is how most people are robbed here. The defence is a habit, not a tool.

The way most people lose money on a Tor market is not the market vanishing. It is a false trail, a lookalike address that copies the market's theme and harvests the password you type into it. Learn to read the false trail and you close the largest hole on the map.

How the trail is laid

An attacker stands up an onion that differs from a real one by a couple of characters in the middle of the string, where the eye does not catch a substitution. They copy the market's login page exactly. You type your password, and it is theirs. Some clones go further and ask you to re-enter a recovery phrase, which the real market never does at login.

The three checks

First, copy addresses from a verified, signed list and never type one from memory. Second, when the login captcha prints the market's own address into the image, hold it against your address bar and confirm they match. Third, cross-check the address the page header prints. A clone can fake a theme easily. Faking the correct address in two independent places while sending you somewhere wrong is much harder.

The habit

None of these takes more than a few seconds, and any one of them catches the ordinary attempt. Run them every session, not just the first. A bookmark you saved months ago can point at an address that has since rotated out and been picked up by someone hostile. The check at the door is the last line, so do it every time.