
All Verified Nexus Onion Addresses

Four PGP-verified .onion mirrors. Each one connects to the same backend — same account, same orders, same wallet. Use whichever responds fastest from your Tor circuit. Not sure which is real? How to verify these are authentic.

Understanding Nexus mirror architecture

Nexus runs four separate .onion addresses simultaneously. They share the same backend database, the same user accounts, and the same order history. The only difference between them is the entry point. Understanding how this works helps you troubleshoot connection issues and avoid falling for "mirror down" social engineering used by phishing operators.

Mirror status indicators — each node operates as an independent Tor hidden service relay

Why multiple mirrors exist

DDoS attacks are a constant reality for darknet platforms. A single address is a single point of failure — one coordinated flood of traffic and the entire platform becomes unreachable for hours. Nexus addresses this with four mirrors that distribute incoming connections across separate Tor hidden service relays. When one mirror is hit hard enough to slow down, the others absorb the traffic. In practice, a sustained DDoS event degrades one entry point while the remaining three continue handling requests normally.

There's a secondary reason. Tor's hidden service infrastructure occasionally loses sync on specific circuits — a node failure in the rendezvous chain, not a platform issue. A mirror switch gives your Tor client a fresh circuit attempt, which resolves connection issues that have nothing to do with the platform itself. Don't debug for twenty minutes when switching the address solves it in thirty seconds.

How traffic is balanced

The four mirrors are not load-balanced in the traditional sense. There's no central router deciding which mirror receives your request. Each mirror is an independent Tor hidden service with its own descriptor. Your Tor client independently establishes a circuit to whichever address you paste in. Different users naturally connect to different mirrors based on which circuit their Tor node builds first — passive distribution that protects against volumetric attacks targeting a single descriptor.

When you copy a mirror link and paste it into Tor Browser, you get a fresh six-hop circuit to that specific hidden service. Circuit quality varies based on which Tor relays are in your path that session. A slow connection on mirror three might resolve instantly on mirror two — same platform, different circuit geometry. This is normal. Try the next address before concluding the platform is having issues.

When a mirror goes down

Don't wait. Close the connection, copy the next address from this page, and reconnect. Your account state is stored server-side — balances, active orders, and messages are identical across all four mirrors. Nothing resets when you switch. You're not losing a session.

If two or three mirrors simultaneously fail to load, check the Nexus announcement thread on Dread for admin updates. Large-scale outages are logged there within hours. Combined uptime since launch has held at 98.1% across all four nodes — simultaneous total failure is rare, and when it happens it's typically brief scheduled maintenance rather than a platform emergency.

How to verify a Nexus link is authentic

An .onion address you can't verify is worth nothing. The cyberpunk aesthetic Nexus uses is widely copied — phishing sites replicate it precisely, right down to the button placement and color palette. The only reliable way to know you have a real Nexus address is to trace it back to a PGP-signed source.

The PGP signature method

The Nexus admin posts link announcements to Dread, each signed with the platform's admin PGP key. Verification requires three steps.

Step 1. Find the Nexus admin PGP key on the Dread forum under the Nexus board. It's in the pinned admin announcement thread. Import it with GnuPG on your machine.

Step 2. Download the signed announcement post. Nexus admin announcements include an inline PGP signature block — copy everything from -----BEGIN PGP SIGNED MESSAGE----- through -----END PGP SIGNATURE----- and save it to a local file.

Step 3. Verify with GnuPG:

# Import admin public key (do this once)
gpg --import nexus_admin_pubkey.asc

# Verify the signed announcement file
gpg --verify signed-announcement.txt

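# Valid output reads:
# Good signature from "Nexus Admin <admin@nexus>"
# The quoted name is free text that any key can carry, so also compare the
# signing key's fingerprint with the key imported from the pinned thread.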

A valid signature means the .onion addresses inside that message came from whoever controls the admin private key. That's cryptographic proof — as close to certainty as this ecosystem provides. Use it every time you update your saved addresses.

Cross-reference with trusted sources

Three methods, in order of reliability:

  1. PGP-signed announcements on Dread — cryptographic proof, most reliable.
  2. The Nexus board on Dread where experienced community members confirm addresses over months of use.
  3. This portal, which cross-checks twice weekly against both sources above. Use alongside, not instead of, them.

Privacy Guides publishes a general guide to verifying PGP signatures. The same process applies here and is worth reading if this workflow is new to you.

Character-by-character verification

Onion v3 addresses are 56 characters long, plus the .onion suffix — 62 characters total. A phishing site only needs to change one of those 62 characters to redirect you to a controlled server while looking identical to Nexus.

Before entering any credentials, look at the URL bar in Tor Browser. Read the first four characters and the last four characters. Check the total length looks right. Twelve seconds. A well-crafted phishing link substitutes a lowercase l for a number 1, or an uppercase O for a zero 0, at a position your eye naturally skips in a familiar string.

Copy from this page. But verify anyway. And if you're serious about operational security, run Tor Browser inside Tails OS or Whonix for stronger session isolation. Both are designed to prevent exactly this category of credential exposure.
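The check described above can be done mechanically. The following is an added example, not code from this page or from any project: it validates the structure of a v3 onion address (56 characters from the base32 alphabet a to z and 2 to 7, version byte, SHA3-256 checksum) and then requires an exact match against a list taken from a signature-verified message. The function names are hypothetical and the sample addresses are constructed from dummy key bytes.

```python
import base64
import hashlib

ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")  # base32: no 0, 1, 8, 9

def _checksum(pubkey: bytes, version: bytes) -> bytes:
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]

def encode_v3(pubkey: bytes) -> str:
    """Build a v3 address from 32 key bytes (only used to make sample data)."""
    raw = pubkey + _checksum(pubkey, b"\x03") + b"\x03"
    return base64.b32encode(raw).decode().lower() + ".onion"

def check_v3(address: str) -> list:
    """Return structural problems; an empty list means well-formed."""
    if not address.endswith(".onion"):
        return ["missing .onion suffix"]
    label = address[: -len(".onion")]
    problems = []
    if len(label) != 56:
        problems.append(f"label is {len(label)} characters, expected 56")
    bad = sorted(set(label) - ALPHABET)
    if bad:
        problems.append("characters outside base32 alphabet: " + "".join(bad))
    if problems:
        return problems
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != b"\x03":
        problems.append("version byte is not 3")
    if checksum != _checksum(pubkey, version):
        problems.append("checksum mismatch")
    return problems

def compare(candidate: str, trusted: list) -> str:
    """Exact match against addresses copied from a signature-verified message."""
    if candidate in trusted:
        return "match"
    def distance(t):
        return sum(a != b for a, b in zip(candidate, t)) + abs(len(candidate) - len(t))
    nearest = min(trusted, key=distance)
    pos = next((i for i, (a, b) in enumerate(zip(candidate, nearest)) if a != b),
               min(len(candidate), len(nearest)))
    return f"no match: first difference at character {pos + 1}"

# Constructed sample data: dummy key bytes, not real services.
TRUSTED = [encode_v3(bytes(range(32))), encode_v3(bytes(range(32, 64)))]
LOOKALIKE = encode_v3(bytes(range(31)) + b"\xff")  # different key, same prefix
```

A lookalike generated from a different key is itself well-formed, so `check_v3` only catches typos and impossible characters; the exact comparison in `compare` is the check that decides.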

Anti-phishing field guide for Nexus users


The Nexus interface is the most commonly phished darknet marketplace design currently active. The hot pink and deep purple color scheme, the exact button placement, the cyberpunk font styling — all cloned with precision by scam operators and served on addresses that differ from the real ones by a single character. This guide tells you what to look for and what to do.

What phishing Nexus looks like

A well-made Nexus phishing page mirrors everything visible on first load. The color palette, CSS gradients, navigation structure, and element spacing are all copied. Vendors on Dread have reported clones so precise that experienced users were momentarily uncertain about which version they were looking at. Don't trust visual similarity.

Behavioral differences do exist. The real Nexus loads all styling before showing page content — no flash of unstyled elements. The Tor descriptor responds to a circuit handshake within 300ms on a normal connection. The font stack loads correctly from the specific sources the platform uses. Phishing pages often show brief layout shifts on load, slightly wrong font rendering, and occasionally fail to load the logo or specific decorative CSS components.

None of those behavioral signs are fully reliable. A well-resourced phishing operation replicates them too. The URL bar is the only check that actually matters.

Red flags to check before you log in

URL bar address mismatch

The address in Tor Browser doesn't exactly match a known Nexus mirror from this page. One wrong character means you're somewhere else. Stop immediately.

Address length is off

A real Nexus v3 onion is exactly 56 characters plus ".onion" — 62 total. Count before entering your password. Short addresses are always wrong.

Page requests clearnet email or phone

Nexus never asks for clearnet contact details at login. Any screen requesting your email address is a credential harvester, not Nexus.

Missing PGP login option

Nexus supports passwordless PGP authentication on the login screen. A page without this option has been simplified to steal password credentials specifically.

What to do if you suspect a phishing site

Close it immediately. Don't log in "just to check". Don't submit a test username and password to see what happens. If a phishing server captures your credentials, it doesn't need to tell you anything — it logs them silently and returns an error. You learn nothing; they get everything.

If you did submit credentials on a site you now suspect was phishing, assume those credentials are compromised. Use a verified mirror from this page to log in immediately and change your password. Change your PGP authentication key if you have one configured. Review recent order activity and flag anything you didn't initiate. Consider using a password manager like KeePassXC going forward — it stores credentials offline and auto-fills only on exact domain matches, which mechanically prevents submission on wrong-address pages.

For secure communications after a suspected compromise, use Signal or Proton Mail rather than channels that could be monitored. Report the phishing address on Dread so the community can flag it. The EFF and Privacy Guides publish operational security material that goes deeper into post-compromise steps.

Mirror uptime status

Monitoring across all four nodes. Numbers reflect rolling 30-day averages. Response times measured from a shared Tor exit — your circuit performance will vary by relay path.

Mirror               Status    Uptime (30d)  Avg response  Last checked
MIRROR_01 — Primary  ● Online  99.2%         1.3s avg      April 21, 2026
MIRROR_02            ● Online  98.8%         1.7s avg      April 21, 2026
MIRROR_03            ● Online  97.4%         2.1s avg      April 20, 2026
MIRROR_04            ● Online  96.1%         1.9s avg      April 20, 2026

Uptime reflects successful Tor hidden service descriptor lookups, not HTTP response codes. A mirror showing 96–97% has experienced short windows of degraded Tor routing, not platform outages.

Mirror-specific questions

Questions specific to Nexus mirrors and link verification. For general platform questions, see the homepage FAQ. For a complete setup walkthrough, see the quick-start guide.

What happens if a Nexus mirror is down?

Try the next mirror address on this page. All four mirrors connect to the same backend — your account balance, active orders, and message history are identical across all of them. If one mirror is unreachable, paste a different address into Tor Browser. You'll land on the same Nexus platform with the same account state. Nothing resets. Nothing is lost. The mirror you use doesn't affect your data in any way.

How often are Nexus onion links updated?

Links are re-checked twice per week against the Tor hidden service directory and cross-referenced against PGP-signed announcements on Dread. The "Last verified" timestamp on each link card reflects the most recent successful handshake with that specific .onion address. If an address stops responding for more than 72 hours without an admin explanation, it's flagged on this page before being removed from the verified list.

Can I bookmark a Nexus onion link?

You can, but bookmark this page instead of a raw .onion address. Nexus rotates mirrors periodically — typically after sustained DDoS events or when a hidden service descriptor needs refreshing. Bookmarking the portal means you always get the current verified list rather than a single address that may have been decommissioned. Tor Browser's built-in bookmark manager works for this. If your saved link stops loading, come back here rather than searching elsewhere — phishing sites appear in search results for darknet marketplace links.

What if all four mirrors fail at once?

Before concluding the platform is down, close Tor Browser completely, reopen it, and try again with a fresh circuit. Stale circuits cause apparent total failure when the platform is actually fine — this is the most common cause of "all mirrors down" reports. If fresh circuits also fail, check the Nexus announcement thread on Dread. Total outages across all four nodes are rare. Combined uptime since November 2023 has held at 98.1%. When it does happen, admin posts appear within a few hours.

Is there an official Nexus clearnet website?

No. Nexus operates exclusively over Tor. Any site claiming to be an official Nexus clearnet presence is either a phishing attempt or an unofficial third party with no connection to the platform. There is no clearnet mirror, no "lite" version, and no app. The four .onion addresses on this page are the only legitimate Nexus entry points. If someone points you to a clearnet "official" Nexus site, treat it as a phishing attempt regardless of how official it looks.