Knowledge Base

V2.4

This document outlines the operational security protocols, financial mechanisms, and user policies of DrugHub Market. Review this information thoroughly to ensure proper OpSec integration and platform usage. For issues not covered here, utilize the PGP-signed support ticket system.

Platform Infrastructure

DrugHub is a decentralized, privacy-focused marketplace operating exclusively on the Tor network. Our infrastructure is built to eliminate single points of failure and prioritize user anonymity.

We employ a strict Monero-only payment rail to ensure financial privacy and a passwordless authentication system to mitigate credential harvesting. Our goal is to provide a utilitarian, high-security environment for peer-to-peer commerce without the tracking vectors present in legacy web systems.

Verification is critical for security. Always cross-reference the .onion URL you are accessing with the signed list available on our main landing page or trusted directories (e.g., Dread). We cryptographically sign all mirror lists with the DrugHub PGP key (Fingerprint: 8A4F 2B9C...).

Note: Never input private keys or sensitive data on a URL that has not been verified against our public key signature.

Yes. We maintain an open-access policy for browsing. Guest users can view vendor profiles, product listings, and historical feedback data. This transparency allows prospective users to validate vendor reputation and product availability before establishing an identity on the platform. Active participation (buying/selling/messaging) requires a PGP-verified account.

Cryptography & Authentication

We have deprecated static passwords to eliminate credential theft vectors. Authentication utilizes a Challenge-Response protocol:

  1. User initiates login with Username.
  2. Server generates a random alphanumeric token.
  3. Server encrypts this token with the User's stored Public PGP Key.
  4. User decrypts the message locally using their Private PGP Key.
  5. User submits the plaintext token to the server to authorize the session.

This ensures that account access is computationally infeasible without possession of the private key.
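The five steps above, as an added example that is not the platform's own code: it shows the server-side handling the list leaves implicit, namely a fresh token per login, expiry, single use, and constant-time comparison. The class name `ChallengeStore`, the 120-second lifetime, and the toy RSA keypair standing in for the user's PGP key are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Toy RSA keypair standing in for the user's PGP key (assumption: a real
# deployment encrypts with OpenPGP; Mersenne primes are NOT secure).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def encrypt_to_user(token):
    """Server side (step 3): encrypt the token to the stored public key."""
    return pow(int.from_bytes(token.encode(), "big"), E, N)

def decrypt_locally(ciphertext):
    """Client side (step 4): recover the token with the private exponent."""
    m = pow(ciphertext, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

class ChallengeStore:
    """Hypothetical server-side bookkeeping for pending login challenges."""

    def __init__(self, ttl_seconds=120.0):
        self.ttl = ttl_seconds
        self.pending = {}  # username -> (token, expiry time)

    def issue(self, username, now=None):
        """Steps 1-3: create a fresh token and return only its ciphertext."""
        now = time.time() if now is None else now
        token = secrets.token_hex(16)  # 32 random hex characters
        self.pending[username] = (token, now + self.ttl)
        return encrypt_to_user(token)

    def verify(self, username, answer, now=None):
        """Step 5: accept the plaintext token once, and only before expiry."""
        now = time.time() if now is None else now
        entry = self.pending.pop(username, None)  # consumed on any attempt
        if entry is None:
            return False
        token, expiry = entry
        if now > expiry:
            return False
        # Constant-time comparison avoids leaking how many characters match.
        return hmac.compare_digest(token.encode(), answer.encode())
```

Because `verify` removes the pending entry before checking it, a wrong guess also invalidates the challenge, so each issued token allows exactly one attempt.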

To combat network congestion and targeted DDoS attacks, DrugHub assigns a unique, private .onion entry point to users upon successful registration. This "Individual Mirror" isolates your traffic session from the public pool. It also serves as an authenticity guarantee; since only you and the server know your private URL, any deviation indicates a potential interception attempt.

Our PGP login system is, by definition, a strict 2FA implementation. It requires "something you know" (your username) and "something you have" (your private key). Unlike optional 2FA on other platforms, this cryptographic verification is mandatory for every login event, ensuring consistent high-level security across the entire user base.

Monero & Multisig Escrow

Bitcoin employs a transparent public ledger, allowing chain analysis firms to trace transaction histories and de-anonymize users. We exclusively accept Monero (XMR) due to its protocol-level privacy features: Ring Signatures (sender obfuscation), RingCT (amount blinding), and Stealth Addresses (receiver privacy). This ensures financial data remains opaque to external observers.

We utilize a standard 2-of-3 Multi-Signature Escrow architecture. Upon order creation, funds are moved to a multisig address controlled by three keys:

  • Key A: Buyer
  • Key B: Vendor
  • Key C: Market Administrator

To release funds, 2 signatures are required. In a successful trade, Key A + Key B sign. In a dispute, Key C reviews evidence and signs with the prevailing party. This prevents unilateral theft by any single participant.

Finalize Early is a privilege granted to high-volume, trusted vendors (Level 5+). It allows funds to be released from escrow immediately upon dispatch marking. While this improves vendor cash flow, it removes buyer protection. Users should only engage in FE transactions with vendors who have an established, flawless track record on the platform.

To protect the market's hot wallet, withdrawals are processed in batches every 6 hours. Larger withdrawals may trigger a manual security review (up to 24 hours). This delay is a security feature designed to prevent automated draining of funds in the hypothetical event of a server compromise.

Vendor & Order Protocols

Vendor applications undergo rigorous vetting. Requirements include: 1) Payment of a refundable bond (1-5 XMR depending on category risk), 2) Submission of PGP-signed proof of stock, and 3) Sample submission for chemical analysis by market staff. Approved vendors enter a 30-day probationary period with restricted withdrawal limits.

DrugHub enforces a strict Harm Reduction policy. Prohibited listings include: Weaponry/Explosives, Fentanyl and analogues, Poisons/Toxins, CP/Exploitation material, and Hitman services. Any vendor attempting to list these items faces immediate account termination and forfeiture of bond funds to community resources.

If an order is not received or is non-compliant, the buyer must initiate a dispute before the 14-day auto-finalization timer expires. A moderator will review encrypted chat logs and transaction data. Resolution involves the moderator signing the multisig transaction to release funds to the correct party. Users are advised to maintain clear communication records.

Due to our zero-knowledge architecture, we do not possess the ability to reset account access. Your PGP private key is the sole mechanism for identity verification. If you lose your private key, access to your account and wallet is permanently lost. Users are strongly advised to maintain secure offline backups of their keypairs.