THE DEFINITIVE DOCUMENTATION

Drughub Portal
Master Reference

Welcome to the single most comprehensive resource on the clearweb regarding the Drughub Darknet Market. This 10,000-word dossier covers every technical aspect of decentralized trade, cryptographic verification, and operational security.

99.9% Uptime

SHA-256 Encryption

XMR Native Coin

In an era of surveillance capitalism, privacy is not a luxury—it is a prerequisite for freedom. This manual is designed to take a user from zero knowledge to a fully secured, anonymous state capable of interacting with the Drughub ecosystem safely. We will dismantle myths about VPNs, explain why Bitcoin is dangerous, and walk you through PGP key generation byte-by-byte.

01 // Access Protocols & Verified Mirrors

Accessing the Drughub Marketplace requires navigating a hostile network environment. The Tor network is constantly subjected to massive DDoS (Distributed Denial of Service) attacks, aimed at destabilizing major commercial nodes. Consequently, a static URL strategy is obsolete. To maintain 99.9% uptime, Drughub utilizes a dynamic Rotational Mirror System.

SECURITY ALERT: 80% of "Drughub" links found on clearweb forums (Reddit, Dread, dark.fail clones) are phishing sites designed to steal your mnemonic phrase.

RULE #1: Never log in without verifying the PGP signature of the URL.
RULE #2: Bookmark this page. We automatically pull signed mirrors from the blockchain.

Live Status Monitor

The table below is updated in real-time. "Main Mainframe" refers to the primary cluster. "Emergency Mirrors" are lighter instances hosted on separate server racks to bypass network congestion.

Type	Onion V3 Address (Truncated)	Latency	Status	Action
PRIMARY	drug...74fxq.onion	142ms	ONLINE
MIRROR A	dhub...k29za.onion	189ms	ONLINE
MIRROR B	portal...m9x2.onion	310ms	HIGH LOAD
PRIVATE	[Verify via PGP]	--	RESTRICTED	Authentication Req.

The Mechanics of Phishing

To understand why mirror verification is mandatory, one must understand the anatomy of a Darknet Phishing Attack. Phishing sites are not just static copies. They are advanced MitM (Man-in-the-Middle) proxies.

When you enter your credentials on a fake site:

The fake site accepts your Username/Password.
The fake site's backend simultaneously logs into the real Drughub using your credentials.
If 2FA is enabled, the fake site serves you the real PGP challenge.
You decrypt it and give the code to the fake site.
The attacker logs in, changes your PIN, and drains your wallet.

This entire process happens in milliseconds. The user sees a "Login Failed" or "Maintenance" screen, while their funds are being stolen in the background. The only defense is verifying the URL itself before loading the page.

How to Verify a Mirror (PGP Signed Message)

Drughub publishes a list of valid mirrors signed with the administrator's PGP key. This cryptographically proves that the list came from the market owners and has not been tampered with.

                TECHNICAL WORKFLOW:
                
                1. Obtain the Drughub Public Key (Available in the /guide section).
                2. Import this key into Kleopatra (Windows) or GPG Keychain (macOS).
                3. Copy the signed message block below.
                4. In Kleopatra: "Tools" -> "Clipboard" -> "Decrypt/Verify".
                5. LOOK FOR: "Good Signature from Drughub Admin".
            

If the signature is "Bad" or "Untrusted" (red warning), DO NOT CLICK ANY LINKS in the message. Below is the current signed mirror list for this month.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CURRENT OFFICIAL MIRRORS (VALID UNTIL NOV 01):

1. drug...74fxq.onion
2. dhub...k29za.onion
3. mirror...x92.onion

Always verify this message signature before trusting these links.
We will never ask for your mnemonic phrase on a login page.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.2.4

iQIzBAEBCgAdFiEE...
[SIGNATURE BLOCK HIDDEN FOR SECURITY]
...
-----END PGP SIGNATURE-----
            

Tor Network Troubleshooting

Often, users mistake a network error for a market exit scam. The architecture of Onion Routing involves three hops: the Guard Node, the Middle Node, and the Exit Node (or Rendezvous Point for hidden services). If any of these nodes are congested, the connection fails.

Error 502 / Bad Gateway

This usually means the market's web server (Nginx) is overwhelmed, but the Onion service is reachable.
Solution: Refresh the page. Do not change identity. Just wait 30 seconds and try again.

0xF0 Connection Failure

This indicates a failure in the Tor circuit path.
Solution: Press Ctrl+Shift+L (New Tor Circuit for this Site). This forces the browser to select a new path through the network without closing your session tabs.

Clock Skew Errors

Cryptography relies on precise time. If your computer's system clock is off by more than a few minutes, SSL handshakes and Tor consensus will fail.
Solution: Ensure your OS clock is set to "Automatic" and synced with a reliable NTP server. On Tails, this is handled automatically, but check your BIOS time if issues persist.

I2P (Invisible Internet Project)

While Tor is the standard, Drughub is beta-testing an I2P gateway. I2P uses "garlic routing" instead of onion routing and is designed specifically for hidden services, making it faster and more resilient to DDoS.

Detailed I2P configuration guides will be added to the documentation in version 2.5. For now, stick to the V3 Onion addresses listed above.

02 // The Philosophy of OpSec

Operational Security (OpSec) is a process, not a product. Installing Tor is not OpSec. Using a VPN is not OpSec. OpSec is a mindset of compartmentalization.

The Threat Model

Who are you hiding from? If it is your ISP, a VPN is enough. If it is a global adversary or law enforcement, you need to eliminate all metadata.

Identity Separation: Your darknet persona must never cross paths with your real identity. No checking Facebook on Tor. No checking Gmail.
Financial Hygiene: Never send crypto from a KYC (Know Your Customer) exchange like Coinbase directly to a market. That is a permanent record linking your ID to illegal activity.
Time Correlation: Advanced analysis can correlate the time you are online on Reddit with the time a transaction occurred on the blockchain.

03 // The Sterile Environment (Tails OS)

The Golden Rule of OpSec: Never access the darknet from your daily operating system. Windows 10/11, macOS, and standard Linux distros (Ubuntu/Mint) are designed to log user activity to improve "user experience." They cache thumbnails, log DNS requests, swap memory to the hard drive, and maintain registry histories.

Forensic analysis can recover "deleted" files from a standard hard drive months after deletion. To trade on Drughub safely, you need an ephemeral system that leaves no digital dust. You need Tails.

DEFINITION: Tails (The Amnesic Incognito Live System) is a portable operating system that runs entirely from a USB stick. It forces all internet connections through Tor and blocks all non-anonymous traffic. When you shut it down, the RAM is flushed, and 100% of your session data is erased instantly.

Phase 1: Hardware Acquisition

Do not use a USB drive you found in a drawer. Buy a new one explicitly for this purpose.

USB Drive: Minimum 8GB. USB 3.0 or 3.1 recommended for speed. (SanDisk or Samsung are reliable).
Host Computer: Any laptop/PC with a 64-bit processor. It does not matter if the computer has viruses or spyware installed on its hard drive; Tails will not touch the hard drive.
Network: A standard Wi-Fi connection or Ethernet cable. No VPN is required (and often discouraged).

Phase 2: Installation & Verification

Installing Tails is not like copying a file. You must "flash" the image onto the drive to make it bootable.

Step A: Download and Verify

Go to tails.net (The ONLY official source). Download the USB Image.
Crucial Step: You must verify the download using the OpenPGP signature or the browser extension verification tool. If you skip this, you risk installing a compromised version of the OS created by an adversary.

Step B: Flashing (BalenaEtcher)

                INSTRUCTIONS:
                1. Download 'BalenaEtcher' (Cross-platform tool).
                2. Select the Tails .img file.
                3. Select your USB Target Drive.
                4. Click 'Flash'. 
                WARNING: This will wipe all data currently on the USB stick.
            

Phase 3: The Boot Sequence (BIOS/UEFI)

This is where 90% of beginners fail. Computers are configured to boot from the internal hard drive (C: Drive) by default. You must intercept the boot process.

Shut down the computer completely.
Insert the Tails USB stick.
Power on the computer and immediately spam-press the Boot Menu Key.

Manufacturer	Common Keys
Dell	F12
HP	F9 or Esc
Lenovo	F12 or Nova Button
Asus	Esc or F8
Mac (Apple)	Hold 'Option' (Alt) key

Select "EFI Boot" or the name of your USB drive from the menu. If it fails, you may need to enter BIOS settings and disable "Secure Boot".

Phase 4: The Persistent Storage (LUKS Encryption)

By default, Tails forgets everything. But a Drughub user needs to save their PGP Keys, Monero Wallet seed, and KeePass database. For this, we configure the Persistent Volume.

This feature creates an encrypted partition on the remaining space of the USB stick. It uses LUKS (Linux Unified Key Setup). Even if the police seize your USB stick, without the passphrase, the data looks like random noise.

                SETUP PROTOCOL:
                1. Boot into Tails. Connect to Tor.
                2. Go to Applications -> "Configure Persistent Volume".
                3. Create a strong passphrase (Diceware method recommended, e.g., 'correct-horse-battery-staple').
                4. Select features to save:
                   [x] GnuPG (PGP Keys)
                   [x] Network Connections (Wi-Fi passwords)
                   [x] Dotfiles (Config)
                   [x] Bitcoin/Monero Client
                5. Click "Save" and REBOOT.
            

Security Note: Never use your Persistent password as your PGP passphrase or your Market PIN. Compartmentalize your passwords.

Phase 5: Configuring Tor Bridges

If you live in a regime with heavy censorship (China, Iran, Russia, or corporate campuses), the standard Tor connection might be blocked. You need a Bridge.

A Bridge is a secret Tor entry node that is not listed in the public directory.

obfs4: Obfuscates traffic to look like random noise. This is the standard.
meek-azure: Routes traffic through Microsoft Azure servers to look like normal browsing (slower but harder to block).

To configure this in Tails: At the "Welcome Screen" (before the desktop loads), click "Configure Tor Connection" -> "Use a Bridge" -> "Use a default bridge".

Common Tails Issues Troubleshooting

Graphics Card Issues

If Tails freezes on boot or shows a distorted screen, your NVIDIA/AMD graphics card drivers might be incompatible with the open-source Linux kernel.
Fix: On the boot screen, press 'e' to edit parameters. Add nouveau.modeset=0 to the end of the linux line. Or select "Troubleshooting Mode" in the GRUB menu.

Wi-Fi Adapter Not Found

Some newer laptops have Wi-Fi cards with proprietary drivers not included in Debian.
Fix: Buy a cheap USB Wi-Fi dongle (Edimax or TP-Link) that is "Linux compatible". Plug it in, and Tails will recognize it immediately.

FINAL CHECKLIST BEFORE CONNECTING:
1. Are you on public Wi-Fi? (Starbucks, Library) - Good for anonymity, bad for physical security (cameras).
2. Is your screen visible to windows or cameras?
3. Do you have your Persistent Storage password memorized?
4. Is the "Security Level" in Tor Browser set to "Safest"?

04 // The Monero (XMR) Protocol

The "Bitcoin Myth": Pop culture depicts Bitcoin as an anonymous currency used by hackers. In reality, Bitcoin is the most transparent payment network in human history. Every transaction is permanently recorded on a public ledger. Companies like Chainalysis and Elliptic possess algorithms that can trace a Bitcoin fraction from a Hydra market withdrawal in 2018 directly to your Coinbase account in 2024.

Drughub enforces a strict Monero-Only Policy. Monero (XMR) is not just a currency; it is a privacy protocol that uses advanced cryptography to sever the link between sender, receiver, and amount.

FATAL ERROR WARNING: Never send cryptocurrency directly from a KYC Exchange (Coinbase, Binance, Kraken) to the Market. Exchanges tag these addresses. Your account will be frozen, and your data sent to financial crimes enforcement networks (FinCEN).

Technical Architecture: Why XMR is Untraceable

Monero achieves opacity through three distinct cryptographic layers. Understanding this builds confidence in the system.

1. Ring Signatures (Sender Privacy)
When you sign a transaction, the protocol mixes your digital signature with 10 other past transaction outputs ("decoys") from the blockchain. An observer can see that someone in the group moved money, but mathematically cannot prove who.
2. Stealth Addresses (Receiver Privacy)
Even if you publish your wallet address, the blockchain records a one-time random "stealth address" for every incoming transaction. No one can look at your public address on a block explorer and see your balance.
3. RingCT (Amount Privacy)
Ring Confidential Transactions encrypt the amount of XMR being sent. The network verifies that inputs equal outputs (no money was printed), but the actual value is hidden from the world.

The Financial Pipeline (How to Buy Safely)

Since most fiat on-ramps (Exchanges) require ID verification, you need a "cleaning" process. The standard workflow for 2024 is the LTC -> XMR Swap method. Litecoin (LTC) is preferred over Bitcoin for the first step because of lower fees and faster confirmation times.

                THE SANITIZATION PIPELINE:
                
                [STEP 1: CLEARWEB]
                Bank Account  -->  Coinbase/Kraken (Buy Litecoin)
                
                [STEP 2: THE BRIDGE]
                Exchange  -->  Cake Wallet (Mobile) OR Exodus
                *Do not send to Tails yet.*
                
                [STEP 3: THE SWAP]
                Cake Wallet  -->  Swap Provider (Trocador/SimpleSwap)  -->  XMR
                *Here, the trail is broken.*
                
                [STEP 4: DARKNET]
                Swap Output  -->  Tails OS Monero Wallet (The Vault)
                Tails Wallet -->  Drughub Market Address
            

Setting Up the Wallet on Tails

Tails OS comes pre-installed with the Official Monero GUI/CLI, but many users prefer Feather Wallet (also included or easily installable) for its lightweight, Electrum-style interface.

Synchronization (The Daemon)

To see your funds, your wallet must sync with the blockchain. Downloading the full blockchain (100GB+) over Tor is impractical. Instead, we use a Remote Node.

Note: Using a remote node leaks your IP to the node operator, but since you are routing through Tor (Tails), the node operator only sees the Tor Exit Node IP. This is safe.

The "10 Confirmation" Rule

New users often panic when they deposit funds to Drughub and the balance reads $0.00.
Due to the possibility of "Chain Reorganization" or "Double Spend" attacks, Drughub requires 10 Confirmations on the blockchain before crediting an account.

Avg Block Time	2 minutes
Confirmations Req	10 Blocks
Total Wait Time	~20-25 Minutes

Advanced OpSec: Churning

For users moving large volumes, simple swapping may not be enough. "Churning" creates distance between your funding source and your spending destination.

Definition: Sending your entire balance to yourself.
Since every Monero transaction generates a new Stealth Address, sending money from your wallet (Identity A) back to your own wallet (Identity B) looks like a payment to a stranger on the blockchain. Doing this 2-3 times makes statistical analysis virtually impossible.

Troubleshooting Deposits

+ "I sent money 2 hours ago, balance is zero"

1. Check the Transaction ID (TXID) on a block explorer like xmrchain.net (via Tor).
2. Does it have 10 confirmations?
3. Did you use the correct Drughub deposit address? (Addresses rotate!).
4. Did you sync your local wallet fully?

+ "Can I use USDT or Tether?"

Absolutely not. Stablecoins are smart contracts on transparent chains (ETH/TRX). They have "Blacklist" functions that allow the issuer (Tether Ltd.) to freeze funds remotely. They are incompatible with darknet operations.

+ "What is a Payment ID?"

In the old days, markets used one central wallet and identified users via "Payment IDs". Drughub uses Integrated Addresses (Subaddresses). You generally do NOT need to manually enter a Payment ID anymore; it is embedded in the address string starting with "8...".

05 // PGP Encryption Protocols

The Gatekeeper: Pretty Good Privacy (PGP) is not optional. It is the mathematical backbone of darknet identity. Unlike clearweb sites that rely on email/SMS verification (which link to your real identity), Drughub uses Asymmetric Cryptography to authenticate users.

If you lose your PGP Private Key, you lose your account, your funds, and your reputation permanently. There is no "Forgot Password" button.

The Mechanics: Asymmetric Encryption

Most users fail because they do not grasp the core concept. PGP utilizes two generated keys that are mathematically linked but functionally opposite.

THE PUBLIC KEY
"The Padlock"

You give this to everyone. You upload it to your Drughub profile. Anyone can use it to encrypt a message to you, but they cannot decrypt it.

THE PRIVATE KEY
"The Key"

You keep this secret. Never share it. It is the ONLY thing in the universe that can decrypt messages sent to your Public Key.

Tooling: Kleopatra (Tails OS)

We standardize on Kleopatra, the certificate manager included in Tails. Do not use online PGP tools; they store your keys on their servers.

Protocol 1: Generating Your Key Pair

Open Kleopatra. Click File -> New Key Pair.
Select "Create a personal OpenPGP key pair".
Name: Use your intended Drughub username.
Email: Leave blank or use a fake one (e.g., user@drughub.onion).
Advanced Settings (CRITICAL):
- Key Material: RSA
- Bit Length: 4,096 bits (2048 is arguably obsolete).
Passphrase: Set a strong password. This encrypts the Private Key itself on your hard drive.

OPSEC TIP: Set an expiration date (e.g., 1 year). If you get arrested and your key is seized, it will eventually expire, signaling to your contacts that your comms are compromised.

Protocol 2: The 2FA Login Challenge

This is the standard authentication method on Drughub. When you try to log in, the server needs to prove you are the owner of the account.

                THE HANDSHAKE WORKFLOW:
                
                1. SERVER: Uses your Public Key to encrypt a random code (e.g., "74391").
                2. BROWSER: Displays a block of scrambled text (PGP Message).
                3. YOU: Copy this block to your clipboard.
                4. KLEOPATRA: Tools -> Clipboard -> Decrypt/Verify.
                5. YOU: Enter your Private Key Passphrase.
                6. KLEOPATRA: Reveals the hidden code: "74391".
                7. YOU: Type "74391" into the login box.
                
                ACCESS GRANTED.
            

Protocol 3: Encrypting Your Address

Never send your shipping address in plain text. Even though Drughub encrypts messages on the server, if the server is seized by law enforcement, they will have the decryption keys. You must encrypt the message client-side before it ever leaves your browser.

How to manually encrypt for a Vendor:

Go to the Vendor's profile page.
Find their PGP Public Key block. Copy it.
In Kleopatra: Tools -> Clipboard -> Certificate Import.
Click "Certify" (mark it as trusted for yourself).
Write your address in a text editor (Notepad). Copy it.
In Kleopatra Taskbar icon: Right-click -> Clipboard -> Encrypt.
Select the Vendor's Recipient Certificate.
Paste the now-scrambled text into the order form.

Visual Guide: Identifying Valid PGP Blocks

A valid PGP message always follows strict formatting (ASCII Armor). If a single dash is missing, decryption will fail.

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.2.4 (GNU/Linux)

hQIMA8zL2+... [Header Data]
...
jA0ECQMC...   [Encrypted Payload - Looks like random garbage]
...
=y/3k         [Checksum]
-----END PGP MESSAGE-----
            

Common Errors:
"Decryption failed: No secret key" — You are trying to decrypt a message meant for someone else, or you haven't imported your own backup key.
"Bad Data" — You missed copying the first or last line of the block (the headers).

Backing Up Your Keys

If your USB stick corrupts, your digital identity is erased. You must export your keys.

Public Key Export: Safe to store anywhere. Right-click key -> Export.
Secret Key Export: DANGEROUS. Right-click key -> "Backup Secret Keys". This saves an .asc file. This file contains your identity. Store it on a separate encrypted USB drive, physically hidden in a different location (Paper wallet or secondary LUKS drive).

06 // Logistics & Drop Security (OpSec)

The Physical Vector: You have secured your OS (Tails), your funds (Monero), and your communications (PGP). Now comes the most dangerous phase: The Drop. This is where a digital packet becomes physical evidence.

Statistical analysis shows that 95% of darknet arrests occur not because encryption was broken, but because of poor shipping operational security (OpSec).

The Golden Rule: Plausible Deniability

Your legal defense relies entirely on one concept: Anyone can send anything to your address without your consent.

If a package containing contraband arrives at your house, that alone is not proof of guilt. However, if you use a fake name, track the package obsessively, or sign for a delivery that requires no signature, you destroy your plausible deniability.

CRITICAL WARNING: NEVER USE A FAKE NAME.
Novices think using a name like "John Doe" protects them. It does the opposite.
1. The mail carrier knows who lives at your address. A fake name is a red flag.
2. If the package is held at the post office, you cannot retrieve it without matching ID.
3. It signals to law enforcement that the recipient is hiding something.
ALWAYS use the real name associated with the mailbox.

Standardizing the Address Format

Vendors process dozens of orders daily. Do not make them guess. Use the standard Universal Postal Union format. Poor formatting leads to "Undeliverable" packages, which are then opened by postal inspectors.

Before encrypting your address with the Vendor's PGP Key, format it exactly like this:

                MANDATORY FORMAT:
                
                Name: [Real First & Last Name]
                Street: [1234 Example St, Apt 404]
                City: [Cyber City]
                State/Province: [TX]
                Zip/Postal Code: [77000]
                Country: [USA]
                
                // OPTIONAL NOTES //
                "Please use extra decoy layer."
                "Do not require signature."
            

Controlled Delivery (CD): The Nightmare Scenario

A Controlled Delivery is when law enforcement intercepts a package, confirms it contains contraband, and then poses as a mail carrier to deliver it to you to affect an arrest.

Indicators of a Compromised Drop:

The 48-Hour Delay: Tracking shows "Out for Delivery" but it doesn't arrive for 1-2 days (Police are obtaining a warrant).
The Signature Trap: The mail carrier asks for a signature for a standard mail item that normally doesn't require one.
Abnormal Behavior: The delivery person is new, nervous, or accompanied by another person waiting in a vehicle.
Visible Tampering: The package has been re-taped with different tape (e.g., clear tape over brown tape).

The Defense Protocol (If you suspect a CD):

Refuse to Sign: If asked to sign, simply say: "I am not expecting a registered package. Please return it to sender." Close the door.
The "Wall of Silence": If they raid, say NOTHING. Do not try to explain. Do not say "I didn't order this." Say: "I want a lawyer."
Clean House: If you refused a package, sanitize your house immediately. Destroy any written notes. Flash your Tails USB drive if necessary.

Post-Delivery Sterilization

Once the package is safely inside, the danger is not over. The packaging itself is contaminated.

The Quarantine Procedure

Step 1: Visual Inspection. Check for tears, re-gluing, or pinholes (cameras/trackers - rare but possible in high-value targets).

Step 2: Extraction. Open the package. Remove the product. DO NOT touch the product to your face or surfaces yet.

Step 3: Destruction. The box/envelope contains your name and tracking info. Shred it. Burn it. Do not just throw it in your kitchen trash can. Dispose of the debris in a public bin miles from your home.

Step 4: Digital Cleanup. Log into Drughub, Finalize the order (release funds to vendor), and Delete the order from your history. Leave no digital record.

Advanced: Drop Houses vs. PO Boxes

For high-volume users, using a home address is risky.

PO Box: Safer than home, but cameras are everywhere in Post Offices. Requires ID to open. High paper trail.
Empty Drop (Ghost Drop): An empty house listed for sale. High risk. If neighbors see you picking up mail, they call the police.
The "Mule": Paying a person to receive packages. Extremely risky (blackmail, theft, snitching).

Verdict: For personal use quantities, your Home Address with your Real Name remains the statistically safest method due to the sheer volume of mail and legal protections of mail privacy.

06 // Purchasing & Escrow Guide

Once your environment is secure and your wallet is funded, you are ready to trade. But the market mechanics can be confusing for newcomers.

The Dispute Process

If a vendor does not ship, or ships the wrong product, you must open a dispute. Do not finalize the order. Once an order is finalized, the funds are released to the vendor and cannot be recovered by the admins. In a dispute, a moderator will review the chat logs and PGP encrypted shipping info to make a decision.

07 // Security Audits & Canary

Drughub undergoes regular security audits. Below is the current Warrant Canary.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

As of [CURRENT DATE], the Drughub infrastructure has not been compromised.
We have received no warrants or National Security Letters.
We have not been forced to modify our system to allow backdoor access.
Users are safe.

Signed,
Drughub Admin
-----BEGIN PGP SIGNATURE-----
...
            

08 // Knowledge Base (FAQ)

A collection of the most frequent technical inquiries.

+ Can I use Drughub on mobile?

Technically yes, using Tor Browser for Android. However, mobile devices are inherently insecure due to baseband OS tracking. It is highly recommended to use a desktop/laptop with Tails.

09 // Darknet Glossary

2FA (Two-Factor Authentication): A security process requiring users to decrypt a PGP message to prove identity during login.
Drop: The physical location where a package is delivered. Usually a residence or PO Box.
Dread: The Reddit-like forum on the darknet where users discuss vendors and markets.
Exit Node: The last computer in the Tor circuit that sends traffic to the destination. (Not used for Onion sites, only for clearweb access).

07 // Knowledge Base (FAQ)

Rapid-fire answers to critical tactical questions. Failure to understand these terms usually results in financial loss.

[?] What is "Escrow" vs "Finalize Early" (FE)?

Escrow is the safety standard. When you order, Drughub holds your coins. The vendor only gets paid AFTER you mark the order as "Received". If the pack never comes, you can dispute and get a refund.

FE (Finalize Early) means you waive your protection. The vendor gets the money immediately. Never use FE unless you trust the vendor implicitly. 90% of scams happen via FE requests.

[?] Why is my Deposit not showing up?

Monero requires 10 Confirmations on the blockchain. This takes approximately 20-30 minutes. Do not open a support ticket until at least 60 minutes have passed. Ensure you are not on a phishing site (check your PGP verification).

[?] Can I use Tor Browser on a Smartphone?

Technically yes, but it is bad OpSec. Mobile OSs (iOS/Android) are surveillance devices by design. They track typing patterns, GPS, and clipboard data. For browsing? Maybe. For ordering? Never. Use a laptop with Tails OS.

[?] What happens if I lose my PIN?

You lose your funds. The PIN is used to encrypt your wallet on the server. Admins cannot reset it for you because they do not know it. Write your PIN down physically.