How to Access Nexus Market via Tor Browser

1. Install Tor Browser from the Official Source

Open a regular browser, navigate to torproject.org, and download Tor Browser for your operating system. Do not use a third-party Tor distribution, a portable copy from a forum, or a torrent. The signed installer is the only safe acquisition path. After download, verify the signature using the Tor Project public key; the procedure is documented on the same site.

Failure mode this step protects against: backdoored Tor distributions that proxy your traffic through hostile relays or strip the protections that make Tor Browser safe.

2. Set the Security Slider to Safer or Safest

Once Tor Browser is installed and launched, click the shield icon in the top right and pick Safer (recommended) or Safest. Safer disables JavaScript on non-HTTPS sites by default, which covers most darknet marketplaces. Safest disables JavaScript everywhere, fonts, certain image formats, and several less-used APIs.

Nexus Market works correctly on Safer without any feature loss. If a Tor site insists on a lower security level, it is a strong indicator of a tracking-heavy phishing copy.

3. Copy the Verified Nexus Market Onion Address

The primary Nexus Market onion address is:

nexusb2l73qzjn4slhyfxa3jvpolw7fomiz5sgyyefnsdhikaqgborqd.onion

Copy the entire 56-character string. Pasting from a chat-group message, a YouTube comment, or a search-engine snippet is the most common way buyers land on a phishing clone, because phishers spam vanity-prefix addresses through those exact channels.

For the two backup mirrors, see the catalog on the guide home page. All three route to the same back-end.

4. Verify All 56 Characters Before Pressing Enter

Compare the address you copied against the operator PGP-signed Dread post character by character. A common phishing trick is to publish an address whose first ten characters match a real Nexus mirror and randomize the remaining forty-six. If you only glance at the start, the clone looks correct.

This step is the difference between landing on the real marketplace and handing your password to a scammer who will drain whatever you deposit. It takes thirty seconds.

5. Solve the Login Captcha and Check the Embedded Fingerprint

The Nexus login captcha is unusual in that the canonical onion fingerprint is embedded directly inside the image. After loading the page, look at the captcha picture and read the fingerprint baked into it. Compare against the address in your browser bar. They must match character for character.

Phishing clones cannot regenerate this image without the operator private key, so a clone either omits the fingerprint, ships a stale fingerprint that does not match its own URL, or uses a non-captcha login form entirely. Any of those three is a clear signal to close the tab.

6. Register a New Account With a Long Random Password

Pick a username that is not tied to anything else you do online. Use a long random password generated by a password manager, ideally twenty characters or more with no dictionary fragments. The marketplace has no email recovery and no SMS reset; the only recovery path is the mnemonic seed shown to you at registration.

Save the seed offline. Print it on paper, store it in a way only you can access. Lose the seed without the password and the account is unrecoverable. Save the password in a password manager that itself uses a strong master password.

7. Set Up PGP Before Sending Any Shipping Address

Generate a personal PGP keypair using Kleopatra, GPG Suite on macOS, or the gpg CLI on Linux. Import every vendor PGP key from their profile before placing an order. When you fill out the shipping address field, encrypt it with the vendor public key first. Never send a plaintext address through marketplace messaging.

Plaintext shipping addresses sitting in marketplace databases are the highest-value target for any future server seizure. PGP-encrypted addresses are inert without the vendor private key, which lives offline on the vendor side.

8. Fund the Account Through a Personal Wallet

Do not deposit straight from a KYC exchange like Coinbase, Binance, or Kraken. The exchange records the deposit address and ties it to your identity. Route every deposit through a personal non-custodial wallet first (Sparrow for BTC, Feather for XMR, Electrum for LTC). The hop breaks the direct on-chain link.

For better privacy, use XMR. Monero deposits are private by design and clear in roughly twenty minutes. BTC works fine for compatibility but leaks the deposit address pattern to anyone analyzing the chain afterward.

9. Bookmark the Verified Address Inside Tor Browser

After your first successful login, bookmark the verified onion address inside Tor Browser. Use that bookmark for every future visit. Do not type the address from memory and do not click links from outside Tor Browser. The bookmark is your stable reference; everything else is a phishing risk.

When the operator announces a mirror rotation on Dread, update the bookmark from the new signed post the same day. Stale bookmarks pointing at retired mirrors return destination-unreachable errors, which is annoying but safe; bookmarks pointing at a hijacked phishing replacement are the actual risk.