The market does not run a clearnet support inbox, a Telegram bot, a Discord server, or a Twitter handle. Anyone claiming any of those is impersonating us. The four channels below are the entire surface, and three of them require PGP encryption.
For login issues, mirror access problems, account recovery questions, and general inquiries from buyers. Encrypted messages only; plaintext is filed under bin.
Onion email: support[at]nexus[dot]onion
Subkey for support: 0x88F3BD2C
Response time is within 48 hours. Anything older has been triaged out; resend after a week.
For vendor applications, bond questions, listing approvals, and category eligibility. Vendor identity is required: PGP-sign your message with the key on file.
Onion email: vendors[at]nexus[dot]onion
Subkey for vendors: 0x66B8E1D5
First contact for new vendors goes through the in-market application portal, not this address.
The dispute panel does not accept off-ticket contact. Disputes happen inside the order. The address below exists only for cases where the order ticket itself is broken or unreachable.
Onion email: disputes[at]nexus[dot]onion
Subkey for disputes: 0x9C4166B8
Include the order hash and the timestamp of the failed ticket access. No order hash, no response.
For vulnerability reports, key compromise indicators, and operational security concerns. Encrypted, signed, with a working callback handle. Anonymous reports are read but cannot be acknowledged.
Onion email: security[at]nexus[dot]onion
Subkey for security: 0x1E5A0F77
Bounties for valid reports are paid in XMR after the fix is deployed. Verbal NDA, no contracts.
Encrypted email to an onion address requires a Tor-aware mail client. The standard setup is Thunderbird with the Tor Browser proxy configuration, pointed at a hidden service mail provider. Once routed, the message is processed by our internal queue and replied to from the same subkey.
Plaintext addresses sent without encryption are accepted only for a single use case: the ticket lookup query. Everything else needs to arrive sealed under one of the subkeys above. Mail signed by an unknown key is read for triage and replied to with a request to send a PGP-encrypted follow-up.
Signature checking on outbound mail is done with the master key fingerprint 0A9D. If a reply arrives that fails verification against that key, it is not from us. Treat it as a phishing attempt and report through the security channel.
The market does not operate any of the following, and anyone claiming to be Nexus through them is running an impersonation scheme:
If a friend says they reached Nexus support through any of those, the friend reached a phisher. Report it to the security channel above with the contact handle and any messages received. The more reports we collect, the faster the impersonation networks get burned.
Operational announcements, key rotations, mirror retirements, and policy changes are posted on each onion mirror under the announcements tab and signed with the master key fingerprint 0A9D. They are also republished here on the gateway so users can verify the same signature against the same content from two independent surfaces.
If you see an announcement that is not signed, or one whose signature does not verify against the master key, it is not us. The same rule applies to mirror retirement notices, currency policy changes, and dispute panel rulings. Signature first, content second.