A darknet market is a commercial website that operates via darknets such as Tor or I2P. They function primarily as black markets, selling or brokering transactions involving drugs, unlicensed pharmaceuticals, steroids, and similar stuff.
Most darknet markets use cryptocurrency to transact anonymously. These markets exist on the Tor for obvious reasons. Customers simply place their orders like they would on eBay and Amazon and the sellers ship their items via the postal service. It’s that simple.
Sellers who deliver the goods as promised receive higher ratings and are rewarded with a better reputation over time. This is similar to Amazon’s product reviews or eBay’s seller ratings. Not only do these ratings create accountability for the seller, but the Darknet market itself steps in to handle disputes and uncompleted transactions. This whole infrastructure makes the buyer all the more motivated to purchase their goods within a marketplace, as opposed to directly from the seller.
Before we can jump in and pick what market is best, you want to understand the different types of markets you will or different some of the different payment methods you will come across. The three main ones are:
- Direct Deal
Each market does things slightly differently so even if you see they are an escrow market make sure you take the time to read their user guides. Typically these are found on the market homepage, or on their market-specific sub dread.
Multisig Darknet Market
For the sake of keeping this simple, we are going to be talking mostly about 2/3 Multisig. The number simply refers to the number of keys that are required. So what is multisig? Multisig stands for multi-signature. This means that multiple approvals (signatures) are needed before a transaction is confirmed.
Although already present in other industries, the concept was first applied to Bitcoin addresses in 2012, which led to the creation of multisig wallets and even pure multisig markets like for example Hansa, CGMC, Cannahome or Versus.
These wallets and payment systems function by adding one or more private keys to the wallet. This way, transactions can only be confirmed by providing 2 or more private keys.
How do they keep my coins safe?
The graphic below should help explain how multisig works. Let’s run through a few examples of why multisig is useful.
- Increase Security – Hackers need all the participating keys to confirm a transaction and steal any coins.
- Company Transactions – for cryptocurrency businesses that work with multiple stakeholders, multisig wallets are optimal. It paves the way for decentralized organizations.
- Escrow Transactions – in this case, a multisig wallet can be used to lock the funds of a transaction between 2 parties until a 3rd trusted party (a Market) signs it with their private key.
Example: Let’s say the buyer makes a purchase from a vendor. The market decides to exit scam or is seized. The coins are actually still safe! Even though the market will not sign, you and the vendor can sign releasing the funds to the vendor. (After you get your pack of course.)
As you can see, nobody can simply run off with your money. There always have to work two parties together to release the money (the buyer and the vendor, the Darknet market and the buyer or the Darknet market and the vendor).
If you have the choice, always use Multisig if possible, don’t give exit scams a chance!
To use multisig with specific Darknet market please look at their help section or wiki where you should find how to do it.
Multisig wallet’s best practices
As with all wallets, you should always back up your key(s) and write your mnemonic phrase on a piece of paper.
When working with multiple keys, it’s best to keep these keys in different locations and/or devices so they can be protected independently.
Keep in mind that when sharing a multisig wallet, all private key holders will have to take extra care of their private key. If the requirements for signing the transaction can’t be met, funds will become inaccessible to everyone.
Escrow Darknet Market
In standard escrow, the market holds the money during the purchase. They are typically the most common types of the market you will find. You send your coins to the market-controlled wallet. If you received your order you tell the market to finalize your order and give the vendor your money.
Be careful: the orders finalize after some time automatically, in case you forgot to do it manually and so that the vendor has not to wait for ages for his money.
If you have not received your order or have issues with it (it was less than the amount you bought or the product was not as advertised), you can dispute it. That prevents the order from auto-finalizing and you can resolve that matter along with a market staff member and the vendor in a discussion. The market staff member then decides after the discussion what actions to take (e.g. who gets the money from the order or if one of your violated the market rules). Remember to message the vendor first if you have problems with your order, instead of disputing it right away.
The big risk is that the market can always run away with that money. It happened a lot in the past, some examples are the sheep market, Empire, evolution, abraxas, nucleus, and middle earth marketplace.
So using standard escrow is discouraged and you should use alternative payment methods.
Direct Deal/Finalize Early (FE) Darknet Market
Vendors that have been around a very long time sometimes will join Direct deal markets, or have FE status granted to them on an escrow market. Typically these vendors are considered more “trustworthy.”
Most markets now have rules in place that forbid vendors from requesting you FE them if they have not been granted that status. If you get a message asking you to FE from a vendor this should be a big red flag for you. Do not do it.
If you finalize early you basically give all your money to the vendor you make your order with. So as soon as you give up your order the vendor receives the money for it. It is like giving your street dealer your money and letting him run around the block to get the stuff.
As you can see this is extremely risky because it is easy to scammed. Especially if you have a buyer account with little history (few orders). Few people would believe you, and if you do get scammed using FE, you never get your money back. Sometimes vendors offer a lower price for the same item if you FE for it (because it is more convenient if they get their money instantly), but it is usually not worth the risk. It is also strongly discouraged to FE for new vendors since the risk that they scam you is even higher.
When it is okay to FE:
When you are okay with possibly never seeing your money or product again.
Example: I see a new vendor who is offering an eighth of medical bud for $15 as an introductory offer. I have extra money left in my account, I’m not gonna be in a bind if the vendor doesn’t come through, so I FE per his requirements. Whether the product comes or not, the worst thing is that I lose $15.
When you are confident, absolutely positive that the vendor will still ship the product. I have to put an asterisk beside this one because even upstanding, well-known vendors have made FE a requirement and then split the money. Anyone remember LucyDrop from SR? Most popular LSD vendor in his time. Required FE. Three months went by without a single complaint. Then BOOM! The vendor stopped shipping and walked away with over a million in BTC. Point is that even if a vendor is “trusted”, there’s still a chance that they will steal your BTC; but 99% of the time, trusted vendors will be honest and send your product.
When it is not okay to FE:
When you cannot afford to lose the money. This seems so common sense to me, but I continue to be amazed at the number of people who FE, get scammed, and lose money that either wasn’t theirs to begin with or money that they just couldn’t afford to lose. Example: If you’re a dealer and you borrow money from either customers or someone higher in the chain to make a purchase on a QP of some dank, you should NOT FE. If the vendor doesn’t send your product, you now owe money to many people. It doesn’t matter how good the deal looks or how reputable the vendor is, DO NOT FE.
When the vendor is shady or there are reports of scamming. Someone posted a couple of days ago, angry that the vendor RCI had not sent his product. He had FE’d on one of the markets and therefore could do nothing about it except get upset and post here. Why FE in this situation? His order was placed after there were bad reviews coming in for RCI. Another example is the vendor Heisenberg. He’s a known selective scammer who loves when you go ahead and FE for him. You’re already taking a chance by ordering from him anyway, why increase that chance by FE’ing?
Choosing A Darknet Market
Choosing a market can be very overwhelming. More and more markets come out every day. It is important to do your own homework about different markets, and vendors. You can check out dark.fail as It has a lot of different markets that have been around for some time, and have shown to be more reliable. Start there and just read up about different markets, and other user experiences. Check frequently on market subdreads before you make an order. This will keep you up to date on any policy changes, or just keep you safer from exit scams.
Each market processes orders slightly different, make sure you check out market user guides that are usually right on their subdread.
Where do I find links?
Make sure you NEVER accept links from people on forums, or sending you messages. Chances are they are just trying to phish you so they can steal your coins. The best place to get onions is directly from market staff. They will usually put their main onion address on their subdread.
No websites should ever be trusted in the next chapter we will talk about things that can happen to even the most trusted websites. DarkFail or DarkNetLive are considered more reliable sources, but should always be verified!
Note: This cannot be stressed enough. A member on staff can go rogue websites can be bribed. Before you login or create an account on any market, make sure you ALWAYS VERIFY the onion address. More on that can be found in the coming chapter, How to verify an onion address .
The other important part is finding a good vendor. You always want to stick with domestic orders when possible so finding a good vendor can take some time.
Once you have found a vendor you would like to deal with it’s time to do some extra homework on them. For starters, you can put their name into the dread search box, and see if you can find any reviews about them. If everything seems to check out go on a market they vend on and check recent feedback.
More in-depth tips for what to look for when selecting a vendor will be covered in the next post.
Important Tips For Using A Darknet Market
- NEVER let the market encrypt sensitive data (such as your address) for you. Always encrypt it yourself. The market can always store the plaintext version of your message, and send an encrypted one to the vendor. That way you both think it was encrypted while the market still has the original and unencrypted message. Also if the market gets taken over by law enforcement, they will store the plaintext versions of the messages that the users sent using the ‘PGP encrypt’ checkbox to harvest addresses. But they will still send the encrypted ones to the vendor to not make anyone suspicious.
- Use 2 Factor Authentication (2FA). It means you will have to decrypt a PGP message that was encrypted with your public key every time you log in, in addition to your username and password. Using 2 FA will greatly improve your chances of success when contacting the support of the market because you lost some funds for example (since 2FA makes it much harder for unauthorized persons to break into your account they will not just say that you got phished and close your ticket). To set up 2FA, go to your Darknet market account settings and look for an option to enable 2FA. Upload your public PGP key first in the settings first if you have not done it already.
- Found a link on the hidden wiki or similar sites? It is very likely that they are a scam.
- Never leave more bitcoins on a market than necessary. Ideally you should only transfer the necessary amount to the market if you also ready to make the purchase right after they have arrived in your market wallet. Leaving funds in your market wallet is too risky since the market can steal them at any given time.
- Make sure to never tell anybody about your Darknet market activities. This can not be emphasized enough.
- Never use the same username, password, PIN or PGP key-pair on more than one market. If an attacker or even rogue market staff gains access to your account on one market, he could easily break into the other ones as well and do even more damage (like stealing your coins or deleting your account).
- Do not use identifying usernames or passwords. That means your username should give no clue about who you really are, e.g. do not include your birth year in your username.
- Do not check tracking at all, unless a substantial or abnormal amount of time has passed without delivery. You will only leave traces when doing so but will not make it arrive faster. For more details visit the nonarriving packages chapter. If you absolutely have to check it (which should never be the case), do not use Tor to do it. It will be a huge red flag and law enforcement already knows about Darknet market users checking their packages over Tor. Instead use a third party website if possible, so not the one of your mail carrier but a website which checks the tracking for you. Examples are TrackingEx and PackageMapping. Also do not use your own WiFi for checking the tracking number. Use one that is not tied to your identity (e.g. a cafe) or use a VPN and choose a server that is in the same country as you (to not raise any red flags).
- Do not just order from the biggest vendor(s) on the market simply because of the size of their operation or because they pay for ads on a Darknet market or other site. Often there are smaller vendors who offer a better product with better customer service.
- Do you not know if it is a lower case L or upper case i in a captcha? It is almost always a lower case L.
- If a vendor suddenly changes his PGP key without signing it with his old one, stay away from him until he does so!
- When sending messages (no matter if on Reddit or a Darknet market) try to write all you have to say in one message. Nobody likes getting hit with a high notification counter when logging in just to realize that you wrote half of the new messages. It is also easier to answer for your chat partner if you sent only one message.
- When you make an order, the status of it will be unaccepted (or similarly called) at first. When the vendor confirms/accepts your order it will be marked as accepted or processing. Again the exact words vary from each Darknet market. The next step would be marked as shipped or in transit. The last step of the order is finalized or completed.
- It is not necessary to encrypt every message you send on a Darknet market. You absolutely have to encrypt all sensitive data such as addresses or tracking numbers. However mundane questions about the product for example do not need to be encrypted, since the vendor would need much more time to decrypt all messages.
- Do not use SWIM or a variation of it. It stands for “Somebody who is not me” and is absolutely useless. No law enforcement agent will stop his work when he sees that you used SWIM. It only makes you look like a complete noob. Instead, step up your OpSec which is far more helpful.
- Remove the version string from your PGP public key (which is the line that begins with “Version:” and is directly under the “—–BEGIN PGP PUBLIC KEY BLOCK—–” line). It is not necessary and just gives away information about the software that you are using.
- Are you not getting past the captcha although you always entered it correctly? Restart your Tor browser and visit the market address again to register (try another onion address if the market provides more than one). If that still does not work please go to your privacy preferences by entering about: preferences#privacy in your address bar or by going to Edit -> Preferences and selecting “Privacy” on the sidebar. Then click on the button ‘Exceptions…’ next to the checkbox labeled “Accept cookies from sites’ (which should be unchecked). Then paste the site address (the onion link of the market that you are using) into the input field. Click on “Allow for Session” and then on “Save Changes”. If you do not want to do it every time, check the checkbox “Accept cookies from sites” (it is the default setting anyway).
- NEVER use Tor gateways. By using them you send your login credentials and all other data in plaintext through the whole internet till it reaches the Tor gateway. So not only your ISP knows that you are buying drugs online but also the gateway can simply steal your bitcoins. Just follow the steps in the Darknet Buyer’s Guide as every other sane user.
- Get a scale. Seriously.
- NO market staff will message you on Reddit.
- Use KeePassXC to generate and store your market, Electrum, and PGP passwords.
- Unsure when to use “Bitcoin” and “bitcoin”? Bitcoin – with capitalization, is used when describing the concept of Bitcoin, or the entire network itself. e.g. “I was learning about the Bitcoin protocol today.” bitcoin – without capitalization, is used to describe bitcoins as a unit of account. e.g. “I sent ten bitcoins today.”; it is also often abbreviated BTC or XBT.
Other Goods You Can Find On A Darknet Market
Credit Cards: Nobody is going to sell you a physical cloned CC that you can use at a store or stick in an ATM and get money out. If they are selling them for less than the balance of the card they are basically giving you money as they could cash the cards out just as easily as you could.
PayPal accounts/transfers: People sell PayPal accounts/transfers because they can’t figure out how to beat PayPal’s anti-fraud systems to cash it out. If you think you can do that better than career fraudsters go ahead. Even on the highest-rated vendors for them on Evolution, there were still plenty of bad reviews about accounts being locked down minutes after receiving them.
Electronics: All onion electronics stores are scams. There is already a market where you can sell electronics you have carded or stolen from stores, it’s called eBay. The reason thieves target electronics is because they can be flipped for close to face value. Why would they set up a hidden service to sell stuff as stolen for half price when they could get 75% of its value on Ebay with much less hassle?
Darknet non-escrow “stores” in general: Unless it is being run by a vendor that started on a Darknet market(there should be a matching PGP key, don’t trust any other proof) they are all scams. They are primarily advertised on various “hidden wiki” sites where there is no place to leave feedback. Without escrow or feedback opportunities they have zero incentive to ever deliver a product to you.
Counterfeit Money: It is never a good idea to order and use it. Not only is law enforcement really going hard after such people (e.g. in the US the secret service is investigating counterfeit money cases), but it is also very hard to actually use the fake money. For example, the quality has to be very good, it takes very long to get rid of the fake notes and get real money back because you can not use them all at once but have to go to different places and can only carry one fake note at a time, . . . So counterfeit money is definitely not worth the risk.
That basically sums it up! Hopefully, this article gave you a bit of insight on what Darknet markets are and how they operate. If you are going to visit any of these sites (for educational purposes of course) make sure you use a Zero Trace Pen. This will avoid all the trouble of configuring your computer for a safe browsing setup.