Technical Documentation & FAQ

DrugHub Access operates as the verifiable entry point for the DrugHub Market network. We maintain the directory of cryptographically signed onion mirrors. Our primary function is to distribute valid entry nodes, ensuring users connect to the legitimate market infrastructure rather than malicious clones.

Connection requires a Tor-enabled client. The verified .onion addresses provided on our Links page must be entered into the Tor Browser. Javascript should be disabled (Security Level: Safest) to minimize attack surface. Standard browsers (Chrome, Firefox, Safari) cannot resolve the hidden service network.

Yes. The market architecture supports unauthenticated browsing for viewing vendor profiles, product listings, and public feedback. However, all interactive functions—including messaging, ordering, and support tickets—require a fully authenticated session established via PGP.

DrugHub eliminates static credentials to prevent credential harvesting. Authentication is performed via Public Key Cryptography. The server generates a random challenge token and encrypts it using the user's stored Public PGP Key. The user must decrypt this token locally using their Private Key and return the plaintext token to the server. This creates a Zero-Knowledge proof of identity.

To enhance network resilience against DDoS attacks, the market infrastructure assigns a dedicated, private onion address to each verified user. This decentralizes the traffic load, ensuring that an attack on public gateways does not affect established users. It also provides a robust authenticity check, as only the user knows their specific URL.

Verification is mandatory for OpSec. The landing page provides a PGP-signed message containing the current timestamp and onion URL. Users must verify this signature using the market's official public key. A valid signature confirms that the server is controlled by the market administrators and not a malicious third party.

DrugHub strictly prohibits Bitcoin due to its transparent public ledger, which enables chain analysis and user deanonymization. Operations are exclusively conducted in Monero (XMR). Monero employs Ring Signatures, RingCT, and Stealth Addresses to mathematically obfuscate the sender, receiver, and transaction amount, ensuring complete financial privacy.

Transactions are secured via a standard 2-of-3 Multi-Signature Escrow system. Funds are deposited into a multisig address controlled by three keys (Buyer, Vendor, Market). Releasing funds requires signatures from two parties. This mechanism protects funds until the buyer confirms receipt or the auto-finalization timer (14 days) elapses.

Yes, but access is restricted. Only vendors with established trust metrics—specifically a positive feedback rating exceeding 95% and significant transaction volume—are granted Finalize Early (FE) privileges. New vendors are subjected to mandatory escrow holding periods to mitigate risk.

DrugHub enforces rigorous vendor vetting. Applicants must post a security bond (1-5 XMR depending on category). Additionally, vendors in sensitive categories are frequently required to submit product samples for chemical analysis. Selling privileges are only granted after samples are verified for purity and consistency with listing descriptions.

In the event of non-delivery, the buyer must initiate a dispute before the auto-finalization timer expires. This action creates a support ticket involving a market moderator. The moderator reviews all available evidence (shipping data, communication logs). If the vendor cannot provide proof of dispatch, the moderator signs the multisig transaction to return funds to the buyer.

The platform strictly prohibits items that attract disproportionate law enforcement attention or cause direct harm. This includes weaponry, explosives, poisons, fentanyl/analogues, child exploitation material (CSAM), and murder-for-hire services. Violations result in immediate bans and bond forfeiture.

The Tor network is subject to latency and node failure. If a specific mirror is unresponsive, users should consult the Mirrors Page for alternative verified entry points. Registered users may also receive status updates regarding their private mirror via Jabber/XMPP.

Support is managed exclusively via the internal ticketing system. Users must be logged in to create a ticket. Categories include Account Recovery, Vendor Reports, and Technical Faults. Response times average 24 hours. For account lockout scenarios, refer to the PGP Recovery procedure in the Tutorial section.