Nexus market onion links
& verified mirrors 2026

Nexus maintains 4 verified v3 .onion addresses. All four connect to the same backend, share the same order database, and carry identical balance state. There is no functional difference between them — they exist purely for redundancy against DDoS and circuit-level failures. Uptime across the four mirrors ranges from 93.8% to 96.6% over the past 30 days, meaning you are highly unlikely to find all four unavailable at the same time.

When Nexus updates its mirror set, the administrators post a new PGP-signed announcement on Dread. This page updates within hours of any verified address change. Bookmark both the mirrors and this directory.

Cross-reference each address with PGP-signed announcements posted by the Nexus admin key on Dread. Install GnuPG, import the Nexus admin public key from the pinned Dread thread, then run gpg --verify on the signed announcement. A valid result shows "Good signature from Nexus Admin."

After confirming the signature, compare the address from the announcement to the address on this page, character by character. All 56 characters must match. This is not optional — phishing operators have replicated Nexus character-for-character with only single-digit differences in the address.

Try the remaining three mirrors from this page. Before concluding the mirror itself is down, try clicking "New Circuit for this Site" in Tor Browser — most failed loads are circuit failures, not mirror outages. Tor circuits can degrade silently.

If three or four mirrors are unreachable simultaneously, wait 30 minutes. Simultaneous outage is rare and usually resolves within an hour. Do not search for "Nexus alternative links" on clearnet search engines — phishing operators specifically target users in this frustrated state. Return to this page and wait.

v3 onion addresses are 56 characters long and use ed25519 key pairs with SHA3-256 hashing. The older v2 format used 16-character addresses with SHA1 — now deprecated and disabled by Tor Project as of October 2021. v3 addresses are both cryptographically stronger and harder to enumerate: there is no practical way to scan the .onion namespace to discover v3 services, unlike the older format.

For users, the practical implication is that a 56-character address is harder to mistype — and harder for phishing operators to craft a convincing near-duplicate of. The longer the address, the more characters they must fake, and the more likely a careful user will catch the difference. Always compare in 8-character segments: it is much easier to catch a substitution in nexusaldu than in the full 56-character string.

Yes, bookmarking reduces your exposure to phishing — you do not need to search for the address each session. However, addresses can change after major security updates or infrastructure transitions. When they do, only PGP-signed announcements on Dread carry the authoritative new addresses.

The safest approach: bookmark both the current primary mirror and this directory. When you load your bookmark and the address no longer appears on this page's verified list, treat the discrepancy as a flag and re-verify from Dread before logging in. Keep both KeePassXC and your PGP keychain updated to make future re-verification fast.

No. Nexus operates exclusively on Tor. There is no clearnet version, no .com, no .net, and no redirect service. Any site claiming to be Nexus Market on the clearnet — including sites that look identical to the Tor interface — is either a phishing operation or an unaffiliated information directory (like this one).

This site (nexus-onion.top) is an information and navigation resource. It is not affiliated with Nexus and does not host the marketplace. Its purpose is to provide a verified, up-to-date set of .onion addresses cross-referenced against PGP-signed announcements. Access Nexus only through Tor Browser using one of the four .onion addresses on this page.

Phishing operators register v3 .onion addresses with similar-looking character sequences — substituting lowercase L for the numeral 1, or the numeral 0 for uppercase O. They then copy the Nexus cyberpunk design exactly: the hot pink and cyan palette, the Unbounded typeface, the grid layouts, even the floating status cards. The result is a pixel-perfect replica at a fraudulent address.

When users enter credentials on a phishing mirror, those credentials are captured and used to drain balances on the real Nexus. The phishing site may then redirect to the real Nexus to delay detection. The only reliable distinguisher is the address itself — visual matching is not verification. Read our opsec guide for a full threat model.

Yes. All four mirrors connect to the same backend infrastructure. Your orders, wallet balance, PGP key, and vendor reputation are accessible from any mirror. You can start a browsing session on Mirror 01 and continue on Mirror 03 without any loss of state. The mirrors are entry-point routing layers, not separate databases.

This is also why it does not matter which mirror you use for a transaction — the escrow state and dispute history live in the same backend regardless of which .onion you connected through. If a mirror goes down mid-session, switch to another and your session context will be intact. For more on how Nexus handles session security, see the platform overview.

Set Tor Browser to Safest mode before navigating to any Nexus mirror. The shield icon in the toolbar controls this setting. Safest disables JavaScript, which removes the largest attack surface for browser fingerprinting and drive-by exploits. Nexus is designed to function without JavaScript — every feature, including login and order management, works in Safest mode.

Safer or Standard mode are not recommended for marketplace access. JavaScript fingerprinting can leak information about your browser, installed fonts, and screen resolution even through Tor. If you encounter a site that claims to be Nexus but does not load in Safest mode, treat that as a strong warning signal — the real Nexus explicitly supports JavaScript-free operation.