How to open Nexus Market in Tor

1. Install Tor Browser

Download from torproject.org directly. Verify the signature if you can (the Tor Project publishes both the installer and its detached signature). Don’t use a third-party download, tampered Tor Browser builds are a well-known attack vector and a search-engine result isn’t a guarantee of provenance.

Skip browser extensions. They break Tor’s anonymity model in ways that are invisible to you but glaringly visible to anybody fingerprinting your traffic. The Tor Project ships the bare browser without extensions for a reason.

2. Open a fresh window

New Tor Browser session. Set the security slider to “Safer” (the middle setting). Nexus works fine without JavaScript, and disabling JS removes a huge class of browser-based attack surface. If a page doesn’t render cleanly without JS you can drop the slider back to “Standard” for that session, but Nexus itself is fine on Safer.

3. Get a verified Nexus link

Copy one of the addresses on the mirrors page. Or pull from the operator’s most recent PGP-signed post on Dread, which is the same source we use here. Don’t paste from Telegram, Reddit, email or chat, those are where phishing clones live.

Last verified: 17 June 2026

• 01. nexusb2l73qzjn4slhyfxa3jvpolw7fomiz5sgyyefnsdhikaqgborqd.onion
• 02. nexusabcdrwy7632jfmkfu3f6u7usyw2xn2mcfiljunz6zsj4p5vioqd.onion
• 03. nexuspokkxp4ayqqec3c3lkekwhnjdqur5bqiocemx4t6sy3werqihad.onion

4. Paste, don’t click

Paste the onion into Tor Browser’s address bar. Hit enter. Do not click through from a search-engine result, do not click through from a chat link without verification, do not retype from a screenshot somebody sent you (people typo onions constantly and a typo is how phishers got their first lucky hit).

5. Verify against the page banner

Once Nexus loads, look at the page header. The canonical onion is printed there. Compare it character-for-character against the address bar. They must match. If they don’t, the page you’re looking at is a clone, close the tab.

Also glance at the login captcha. Nexus embeds the canonical onion fingerprint into the captcha image. A phishing clone that proxies the real captcha will show the real onion (mismatching the cloned URL bar). A phishing clone that renders its own captcha can’t reproduce a matching fingerprint without holding the operator’s private key. Either way, the mismatch is visible.

6. Register, or log in

First visit: hit Register. Pick a username (this is what vendors see, but don’t reuse one from somewhere else). Set a passphrase you’ll actually remember; if you lose it, recovery is not always possible. Save the PGP recovery details somewhere safe, offline storage if you have it, encrypted USB if not.

Returning visit: just log in. Solve the captcha. The fingerprint-embedded captcha is human-readable but designed to resist machine OCR, so type carefully.

7. Set up PGP before you place an order

PGP messaging on Nexus isn’t mandatory by default, but every vendor that cares about your privacy expects you to use it. Paste your public key into your profile so vendors can encrypt anything they send you. To encrypt a shipping address to a vendor, copy the vendor’s public key from their profile, import it into your PGP client (Kleopatra on Windows, GPG Suite on macOS, gpg CLI on Linux), encrypt the address text against that key, paste the encrypted block into the order notes.

The marketplace operator never sees the plaintext, only the vendor can decrypt it. If the operator’s server is ever seized or compromised, the residue of your shipping address is an encrypted blob rather than plain text. That’s the entire reason PGP exists in this context.

8. Fund the account

Click Deposit, pick a currency, send to the freshly-generated address. The address is yours and only yours, never reused. Confirmation count is typically two blocks for BTC, a few for LTC, around ten for XMR (which is roughly twenty minutes wall-clock). The balance credits automatically once the network confirms.

Use Monero unless you have a specific reason to use Bitcoin. Monero hides amounts, sender and receiver at the protocol layer; Bitcoin’s ledger is public and forensic services routinely tie exchange withdrawals to on-chain darknet activity. The choice has consequences. Default to XMR.