Each endpoint runs identical Vortex infrastructure. Your account, cart, and order history appear the same across all three. Copy any address and paste into Tor Browser. Never open a .onion URL in any other browser.
Loading…
Loading…
Loading…
Vortex market addresses are permanent v3 .onion endpoints — the address is derived from the server's ed25519 keypair and cannot be duplicated by a third party. If someone sends you an address shorter or longer than 56 characters, discard it. See the access guide for the full setup walkthrough.
All three mirrors share identical backend state. Differences in uptime and load time reflect network routing variations across Tor circuits, not server instability. Use whichever node responds fastest from your location.
| Endpoint | 30-day uptime | Avg load time | Last verified | Role | Action |
|---|---|---|---|---|---|
| NODE-01 | 97.7% | 1.3 s | 2026-04-23 08:14 UTC | Primary reference | |
| NODE-02 | 96.2% | 1.8 s | 2026-04-23 08:14 UTC | Failover | |
| NODE-03 | 95.8% | 2.1 s | 2026-04-23 08:14 UTC | Failover |
> data sourced from automated 6-hour polling · next update scheduled ~2026-04-24 00:00 UTC
The 97.7% uptime figure is across all three nodes simultaneously. Individual node availability is higher. On the rare occasions when one mirror goes temporarily inaccessible, the other two remain reachable — Vortex designed the three-endpoint architecture specifically for this scenario.
Vortex's purple and cyan design is visually distinctive — but every element can be replicated by a phishing site in minutes. The address itself is the only thing that cannot be faked. These steps take under two minutes and eliminate the most common attack vectors.
Vortex login — PGP 2FA challenge screen
Copy from a trusted source
Use the copy buttons on this page or on Dread's /d/vortex subreddit. Never type a .onion address manually — a single wrong character sends you to a different server entirely.
Count the characters
A valid v3 .onion address is exactly 56 characters followed by .onion. Any address shorter or longer is not a v3 address. Do not proceed.
Compare first 8 and last 8 characters
After pasting into Tor Browser, verify the first 8 and last 8 characters before pressing Enter. Phishing substitutions almost always appear in those positions.
Cross-reference with PGP-signed announcements
Download Vortex's PGP-signed canary from their Dread thread. Verify with GnuPG. The signed addresses in the canary are canonical — any discrepancy between those and this page is a red flag.
Set Tor Browser security level to Safest
Click the shield icon in Tor Browser and select Safest. This disables JavaScript. Vortex works fully without JS. The Standard setting is unnecessary risk.
Check the footer PGP fingerprint
After loading the Vortex site, scroll to the footer. The PGP fingerprint should read: 9F2C 44AE 71B3 0C9D 7E28 55FA 6301 88BD. A single character difference is a critical signal to exit immediately.
Vortex's visual identity is fully copyable. The deep purple background, magenta accent, Space Grotesk font, and terminal-style stat blocks can all be replicated with a few lines of CSS. Treat visual recognition as a secondary check only — the .onion address is the primary source of truth. Verify the address before inspecting anything else.
Legitimate Tor hidden services load slower than clearnet — Tor circuits add 1–3 seconds of overhead. A page that loads in under 400 ms is a local proxy, not the real Vortex. This is one of the clearest signals available even before the page renders.
A legitimate Vortex login page starts with empty username and password fields. Phishing sites sometimes pre-populate one field with a plausible username, relying on users entering only the password. If any credential field is non-empty on first load, exit without typing anything.
On the real Vortex, every copy button copies a valid .onion address matching the three addresses on this page. Phishing sites often disable copy buttons or redirect them to hardcoded addresses. Test a visible copy button: paste into a text editor and compare against this page's listed addresses character by character.
For broader reading on phishing and OPSEC, see EFF's Surveillance Self-Defense guide and Amnesty International Tech. Both publish practical guides relevant to anonymous network usage. For OS-level security, Tails OS and Qubes OS represent the current consensus for high-security Tor usage.
Technical questions about accessing, verifying, and using Vortex .onion addresses. See the full access guide for a step-by-step walkthrough, or the mirror list for the same three addresses in a different view.
For .onion addresses, standard HTTP is both correct and sufficient. The Tor network provides end-to-end encryption between your Tor Browser and the hidden service — the v3 .onion address itself is a cryptographic commitment to the server's public key. The address IS the public key fingerprint: a server can only claim that address if it holds the matching private key.
Adding HTTPS on top of a .onion would provide a second encryption layer but no certificate authority exists to verify .onion certificates independently. If you see a site claiming HTTPS with a padlock on a .onion address, treat it with caution rather than added trust. The address bar showing http:// for Vortex mirrors is expected and correct behavior.
Before pressing Enter, verify the first 8 and last 8 characters of the address against the addresses listed on this page. The full v3 address is 56 characters — verifying 16 of them covers the most common phishing substitution patterns involving similar-looking characters such as l vs 1, 0 vs O, and b vs 6.
After connecting, check the page load time. Vortex loads slightly slower than clearnet because Tor circuit overhead adds 1–3 seconds. A page rendering in under half a second may be a local phishing proxy rather than the actual hidden service. After the page renders, confirm the visual design — deep purple background, magenta-accent interface, Space Grotesk typography — as a secondary signal after the address itself has been verified.
No. Vortex operates exclusively as a Tor hidden service. The .onion address is not accessible from the regular internet regardless of which VPN you use. A VPN routes clearnet traffic through a different exit point but does not connect you to the Tor network or resolve .onion addresses.
You need Tor Browser, which includes a full Tor client. Some users combine a VPN with Tor Browser (VPN → Tor) as an additional operational security layer to prevent their ISP from seeing Tor traffic, but the Tor Browser itself remains mandatory. Avoid Brave Browser's built-in Tor windows — they use a stripped-down Tor implementation with weaker privacy guarantees than the official Tor Browser. Using Tails OS routes all traffic through Tor by default, making it a solid option for high-sensitivity sessions.
Vortex's preferred currency is XMR because Monero provides sender, receiver, and amount privacy by default through ring signatures, stealth addresses, and RingCT. Download Cake Wallet for mobile (iOS and Android) or the official Monero GUI for desktop. Create a new wallet and immediately back up the 25-word seed phrase in physical form — write it on paper, never save it digitally.
Fund with XMR from a KYC-free source, or convert BTC using a privacy-preserving swap service. Vortex's built-in exchange also lets you convert BTC or USDT to XMR after depositing to the platform — useful if you already hold other cryptocurrencies. Give your wallet several minutes to sync with the Monero blockchain before sending. An unsynced wallet may show zero balance even when funds have arrived.
Set security level to Safest. Click the shield icon in the Tor Browser toolbar and select Safest from the dropdown. This disables JavaScript entirely, eliminating the largest attack surface for browser fingerprinting, exploitation, and de-anonymization. Vortex loads and functions correctly without JavaScript — login, copy, checkout, messaging, and all other features operate without JS.
The Standard setting (default) leaves JavaScript enabled, creating unnecessary exposure for no functional gain on Vortex. Some users maintain a separate Tor Browser profile dedicated exclusively to marketplace access, resetting to a clean state for each session to avoid cross-session fingerprinting. This is sound practice, particularly when using the same device for other internet activity.
PGP is used at two separate points. First, during registration: Vortex asks for your PGP public key, which it uses to send encrypted order updates, vendor messages, and support responses. Second, on login: Vortex can require PGP 2FA — the platform encrypts a one-time challenge with your public key, and you must decrypt it with your private key to complete login.
This means even if someone knows your username and password, they cannot access the account without physical access to your private key. Generate your keypair with GnuPG or Kleopatra. Export only your public key to Vortex. Keep your private key temporarily inaccessible or on an encrypted container using VeraCrypt. Never paste your private key into any web form. For encrypted messaging outside Vortex, consider Briar or Element.
First, confirm that the addresses you're trying to reach match the verified addresses on this page. Simultaneous unavailability across all three mirrors is more commonly caused by using a phishing URL than an actual market outage. If addresses match, check Dread forum /d/vortex for a pinned status announcement signed by Vortex's canonical PGP key.
DDoS events affecting all three mirrors simultaneously are uncommon but do occur — the standard response is to wait 30–90 minutes and retry. Vortex uses a queue-based DDoS mitigation system that typically restores service within that window. If no signed status announcement appears after 6 hours across all mirrors, your escrow funds remain protected by the 2-of-3 multisig structure: releasing funds requires two keys (platform + buyer or platform + vendor), so no unilateral action can drain your balance during a downtime event.
After verifying the address and connecting, check these specific signals. The login form should not auto-fill credentials from a previous session — pre-populated fields on first load indicate a phishing page with cached data. The nav copy button should function and copy a valid .onion address. Test it: paste the copied text into a plain text editor and compare against the addresses on this page.
Check that the footer PGP fingerprint reads exactly: 9F2C 44AE 71B3 0C9D 7E28 55FA 6301 88BD. A single character difference here is a critical red flag. The URL in the address bar must remain a .onion address throughout your session — any redirect to a clearnet domain is an immediate exit signal. If you suspect you may have submitted credentials on a wrong address, change your password from a verified endpoint immediately and enable PGP 2FA if not already active.
Most darknet marketplace workflows require external steps: buy BTC or XMR on a clearnet exchange (requiring at minimum an account, potentially identity verification), transfer to a privacy-preserving swap service, convert to the correct currency, withdraw to a personal wallet, then deposit to the marketplace. Each of those steps is a potential exposure point and an opportunity for blockchain analysis to link your identity to the deposit.
Vortex's built-in exchange collapses several of these steps into one. Deposit in one currency, convert within the platform before purchasing, and stay entirely within Tor throughout the process. The exchange uses aggregated real-time rates — spreads are slightly wider than a centralized exchange, but the privacy gain offsets the difference for most users. USDT (TRC20) users benefit particularly from this: stable value through the full 14-day escrow period, without cryptocurrency price volatility risk. Vortex is currently the only major darknet market offering stablecoin support through an integrated exchange.
Copy the primary endpoint, open Tor Browser, set security level to Safest, and paste. Vortex market has been online since October 2023 — 54,447 registered users, 4,536 verified vendors, 13,158 active listings as of April 2026.
Loading verified address…
> primary node · PGP-signed · verified 2026-04-23 · open in Tor Browser only