Vincit Veritas Sub Vela · Truth Wins Under Cover

The Nexus Chronicle

An independent darknet bulletin, signed under fingerprint 0A9D, published since the autumn of 2023.

Vol. 2026 · Issue 115 · Saturday, April 25, 2026 · Mirror Roster · Verified Edition · Press Run: open · Subscription: none required

Three onion mirrors, one signed key, no excuses.

The current Nexus Market URL set has held for the working week. Verification under fingerprint 0A9D remains the only authority worth trusting.

The mirror roster published in the right column has been signed by the master key that has held since the market opened in late 2023. Operators report no descriptor failures across the working week, and exit congestion on Tor itself remains within seasonal norms. The fingerprint that closes every signature, 0A9D, is the only check you need before submitting credentials anywhere claiming to be Nexus.

Phishing operators have responded to the platform's growth with the predictable playbook. New clearnet domains spun up overnight, scraped onion lists from public gateways, and dropped fake login screens behind them. Three of those domains were burned this week after community reports flagged signature failures on what looked like routine login pages. None of the burned addresses showed any deviation from the real login UI. The only tell was the missing or mismatched PGP block. This is exactly why every user is asked, quietly and without ceremony, to verify the signature before each session.

Buyers ask the same question every time a long quiet week passes. Why does the URL not change more often? The answer is that v3 onion addresses do not need to rotate to remain secure. The hostname embeds the public key, and unless an operator wants to retire a node entirely, the address stays put. What rotates is the daily signed timestamp that proves the gateway and the mirror are current, not the address itself. A static onion is not a stale onion.


For vendors the working notice this issue is short. The dispute panel cleared the backlog from the early month surge, average resolution time fell to 71 hours, and the new bond schedule for Category C goods takes effect at the end of next week. Vendors with bonds posted under the old schedule are grandfathered through the next probation cycle. Anyone unsure where their account sits should check the signed announcement on each mirror, signed by the same fingerprint that closes this column.

For buyers the practical reminder is the boring one. Pull addresses from a gateway you control. Verify the signature with your own copy of the master key. Use Tor Browser straight from torproject.org rather than any bundle distributed by a third party, including the ones that look legitimate. Keep the security slider on Safest before the login screen renders. None of this is paranoia. It is the procedure that costs nothing and prevents an account loss that costs everything.

Section A · Operations

Multisig holds the line, again.

The 2-of-3 escrow contract has cleared its second year without a single key compromise on record. Buyer disputes resolved at 18 percent, vendor disputes at 9, and platform-arbitrated cases at 3. The remaining 70 percent of orders close clean without ever opening a ticket. None of these numbers move much issue to issue. That is the headline. The market is boring on purpose.

Compare with the same window in 2022 across the legacy markets that ran single-key escrow. Three of the top six exited that year, taking with them an estimated 28 million in pooled buyer balance. The architecture was the cause. Multisig closes that hole entirely.

Section A · Currency

Monero default, not Monero only.

New buyer accounts onboard directly to XMR. Bitcoin remains supported for legacy balances, and a small minority of vendors still price in BTC for category reasons. The platform does not push migration. Users decide. The default exists for a reason that does not need restatement: the public ledger sees everything and remembers forever.

Wallet recommendations have not changed. Feather Wallet for desktop, the Monero CLI for hardened sessions, hardware wallet support through Trezor and Ledger for cold storage. Browser-based wallets are still discouraged in the strongest terms. They are also the most common point of buyer fund loss in 2024.

Section A · Phishing Watch

Three more fakes burned this week.

The pattern repeats. A clearnet domain spins up with a name close to nexusmarket, differing only in TLD or hyphenation. Within hours it ranks for low-volume queries that stale gateways do not bother to defend. The login form looks identical. The PGP block on the page is either missing, broken, or signed by an unrelated key.

This week the operators behind nexus-onion-portal[.]xyz, nexusofficial-link[.]online, and thenexusmarketverify[.]com were burned after community reports. None of those domains is recoverable; all three were running the same template and fed credentials to a single ingestion endpoint. The lesson, repeated for the hundredth issue, is that signature verification catches all three on first inspection.

Editorial

Convenience is the attack vector.

Every quarter we lose a handful of accounts to one of two failures. Either the user typed an onion from memory and landed on a clone, or the user trusted a link from a friend who also did not verify. Both failures share a single root cause. The user wanted convenience more than safety, and the convenience was sold to them by a phisher who understood that perfectly well.

The fix is not technical. The protocols are sound. The fix is behavioural and small. Pull onions from a gateway. Run gpg --verify on the timestamp before login. Keep one PGP key per identity and never reuse it. Refuse links from anywhere that is not your own bookmark. Boring procedure beats clever security every single time.

The reason the same advice runs in every issue is that the same mistakes get repeated every issue. We will keep printing it as long as that is true.

Signed: The Chronicle Editorial Desk · Verified under fingerprint 0A9D

Letters & Replies

Where do I find the master public key?

Each onion mirror serves the key under /pgp.key. The key is also cross-signed by independent witnesses whose own keys are listed in last month's edition. Do not trust a single source for the master key; fetch from at least two and confirm the fingerprint matches across all of them.

Why are there only three mirrors?

Three is the smallest set that survives a coordinated takedown of one node and a single-mirror outage simultaneously. More mirrors increase attack surface and dilute attention; fewer mirrors leave no margin during incidents. Three is the minimum that is also the maximum.

Is there a Telegram channel for this Chronicle?

No. The Chronicle is published on this gateway, signed under fingerprint 0A9D, and republished on each onion mirror under /announcements. Anything claiming to be the Chronicle on Telegram, Discord, X, or Reddit is impersonation. Report it to the security channel.

What happens if the master key is rotated?

A key ceremony is announced at least 30 days in advance, signed by the outgoing key. The new key is published with cross-signatures from independent witnesses. Until the ceremony date, the old fingerprint 0A9D remains the authoritative anchor for everything signed by the platform.

Can I cite the Chronicle in another publication?

Yes. The Chronicle is anonymous and unaffiliated; citation does not require permission. Be aware that any third-party republication unsigned by 0A9D should be treated as untrusted, even if the content is verbatim.

How do I subscribe?

You do not. The Chronicle has no mailing list, no RSS feed, no push channel. Bookmark this gateway and reload at your leisure. The frontmatter tells you which issue you are reading.

Glossary · For new readers

v3 onion
The current generation of Tor hidden service addresses, 56 characters of base32 ending in .onion. The address embeds the public key, so spoofing requires breaking Ed25519.
Multisig escrow
An order contract that requires two of three signatures to release funds. Buyer, vendor, and platform each hold one key. No single party drains the contract alone.
Stealth address
A one-time recipient address derived from a Monero wallet view key. Each transaction uses a fresh stealth address, so the recipient's master wallet is never linkable on the chain.
Ring signature
A cryptographic signature scheme that hides the actual signer among a set of decoys. Used in Monero to obscure the sender of a transaction.
PGP timestamp
A short signed message confirming that a piece of content (a mirror page, an announcement, an issue of this Chronicle) was authored at a specific time by the holder of a given key.
Phishing clone
A pixel-perfect copy of a legitimate login page, served from a different address, designed to capture credentials. The only reliable detection is signature verification.