OsirisScanOsirisScan
Security

How phishing works, and the defence

The real threat is a lookalike, not the market vanishing.

The way most people lose money on a Tor market is a lookalike address that copies the market and harvests the password they type into it. Phishing, not exit scams, is the main threat, and the defence is a habit.

How the trap is set

An attacker stands up an onion that differs from a genuine one by a few characters in the middle, where the eye slides past a substitution. They copy the login page exactly. You type your password and it is theirs. Some clones then ask for a recovery phrase, which the real market never does at login.

The checks

Copy addresses from the signed pool on this explorer and never type one from memory. When the login captcha prints the market's address, hold it against your bar. A clone cannot serve the correct address in the captcha while sending you to the wrong one.