Every .onion address on this page was pulled from a PGP-signed Dread announcement and independently checked. Four mirrors, one backend. Copy one, paste into Tor Browser, skip the phishing risk.
Last verified: April 21, 2026·Source: Dread PGP-signed·Mirrors online: 4 / 4
§01 · verified addresses
All four Nexus mirrors
Copy any address below into Tor Browser. Don't retype — a single wrong character routes you to a different .onion entirely. For setup help, see the entry guide.
01
Primary mirror — recommended
Loading...
218 ms avg·Last seen online 6 min ago·Source: Dread, PGP-signed
02
Mirror 2
Loading...
334 ms avg·Last seen online 11 min ago·Source: Dread, PGP-signed
03
Mirror 3
Loading...
412 ms avg·Last seen online 3 min ago·Source: Dread, PGP-signed
04
Mirror 4
Loading...
156 ms avg·Last seen online 1 min ago·Source: Dread, PGP-signed
All four mirrors share one backend — wallet balance, order history, and inbox are identical across all addresses. Latency varies by your Tor circuit, not by the mirror itself. If one is slow, try the next.
Nexus market — one of the largest multi-vendor platforms on Tor as of April 2026, with 52,342 registered users and 23,752 active listings.
Mirror status — April 2026
Status indicators reflect connectivity checks run every six hours against each mirror address. Uptime is calculated over the trailing 30 days.
Mirror
Status
30-day uptime
Avg response
Last checked
Verification source
nexusaldu…qd.onion
Online
98.1%
218 ms
April 21, 2026
Dread / PGP-signed
nexusbbq…qd.onion
Online
97.4%
334 ms
April 21, 2026
Dread / PGP-signed
nexuscr3…qd.onion
Online
96.8%
412 ms
April 21, 2026
Dread / PGP-signed
nexusd6k…id.onion
Online
98.7%
156 ms
April 21, 2026
Dread / PGP-signed
§02 · how we check these
Link verification methodology
Every address published here went through the same three-step check before it appeared on this page. Done manually, not automated. That's why the update cycle is 24 hours, not 10 minutes.
1
Locate the signed announcement on Dread
Nexus posts link updates in their official Dread subdread. Posts are PGP-signed with the Nexus admin key, published since the market launched in November 2023. We retrieve the latest announcement and pull the raw text for signature verification. Any post without a valid signature is discarded regardless of content.
2
Verify the PGP signature with GnuPG
The signed message block is piped into GnuPG against the Nexus public key. A clean gpg: Good signature result is required. If the output shows BAD signature, the entire update is treated as potentially compromised and we do not publish until a clean announcement appears. This catches both tampering and key rotation events.
$ gpg --verify nexus-announcement.txt gpg: Good signature from "Nexus Market Admin <admin@nexus>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! Primary key fingerprint: [nexus admin fingerprint]
The "not certified" warning is expected — Nexus's key is not in a public keyserver web of trust. That warning means nothing here. What matters is Good signature, not the trust level.
3
Confirm connectivity via Tor
After PGP verification, each address is tested for reachability over Tor. We check for an HTTP 200 response on the root path and verify that the Nexus login page renders correctly. Addresses that pass PGP but fail the reachability check are listed but flagged — which has happened twice since we started this directory, both times during DDoS events that resolved within hours.
How to run your own verification
You don't have to trust us. Here's how to independently check any Nexus link against their published PGP key. Takes about four minutes on a clean Tails session.
First, find the Nexus subdread on Dread and locate the most recent link announcement. Copy the full PGP-signed message block — it starts with -----BEGIN PGP SIGNED MESSAGE----- and ends with -----END PGP SIGNATURE-----. Paste it into a local text file.
Import the Nexus public key into your local GnuPG keyring. Run gpg --verify against the saved file. The output should confirm a good signature matching the Nexus admin key fingerprint. If it does, the addresses inside that message block are authoritative. Done.
Nexus has the most recognizable interface among active markets — cyberpunk dark theme, coral-red accent color, that distinctive header layout. Phishing operators have copied it almost perfectly. The visual copy is not where they slip up. They slip up on the address.
A Tor v3 .onion address is 56 characters of base32 derived from the service's cryptographic public key. The only way to generate an identical address is to have the corresponding private key. Phishing sites cannot do this — so they generate a different address and rely on visual similarity to trick users into not checking.
Check the address before you enter your username. Not after. If it doesn't match one of the four addresses on this page, close the tab.
Common phishing tactics to watch for: addresses that start with the same 4-5 characters as the real address; addresses promoted via YouTube comments, Reddit, or Telegram; "new official mirrors" announced by accounts with no Dread history; URLs shortened via redirect services. None of those patterns occur with legitimate Nexus links. If you encounter any of them, the address is fake.
What to do if a mirror goes down
Use a different mirror from this page. All four connect to the same system. If all four time out simultaneously: first, try pressing Ctrl+Shift+L in Tor Browser to get a new circuit, then retry. Second, check the Nexus subdread on Dread for any announcements about maintenance or DDoS events. Third, check the Tor Project status page to rule out a network-level issue.
Nexus has logged 97.6% uptime across all four mirrors in the trailing 30-day period. True multi-mirror outages lasting more than 30 minutes have happened once in the past six months, during a coordinated DDoS event. They restored within four hours.
Don't use sources other than this page or verified Dread posts to find replacement links during an outage. Outages are exactly when phishing campaigns intensify — they target users who are already frustrated and less careful about checking addresses. Bookmark this page before you need it.
Nexus login — PGP 2FA is mandatory for all accounts. No password-only fallback exists.
Payment options on Nexus
Once you've connected via a verified mirror, Nexus accepts three cryptocurrencies: Bitcoin (BTC), Monero (XMR), and Litecoin (LTC). Of these, Monero is the strongest privacy choice — its ring signatures obscure both sender and receiver on-chain.
Get Monero from the official Monero project and withdraw to a self-custody wallet before depositing to Nexus. Never transact from an exchange deposit address directly — those addresses are linked to your KYC identity on the exchange. The entry guide covers wallet setup in detail.
LTC is the second choice: faster confirmation times and lower on-chain fees than BTC, without the full privacy of XMR. Bitcoin is widely held but requires mixing before deposit to meaningfully break the chain-analysis trail. Whonix combined with a Monero wallet is the setup most experienced users converge on for darknet operations.
Currency
Privacy level
Confirmation time
Recommendation
Monero (XMR)
High — ring signatures, stealth addresses
~2 minutes
Best choice for privacy
Litecoin (LTC)
Moderate — transparent chain
~2.5 minutes
Fast, lower fees
Bitcoin (BTC)
Low — transparent, heavily analyzed
10-60 minutes
Mix before deposit
§03 · security architecture
Why four mirrors exist
A single .onion address is a single point of failure. Against a well-resourced DDoS, it goes down. Nexus distributes across four independent Tor hidden services — each with its own IP, its own guard nodes, its own circuit topology.
An attacker targeting mirror 01 has no effect on mirrors 02, 03, or 04. Traffic routes automatically. Your session continues. That's the architecture. It's also why a phishing operator can't simply "take over" a mirror — each address is cryptographically bound to a unique private key held by Nexus.
The four addresses you see on this page are the only addresses tied to the Nexus admin PGP key as of April 21, 2026. Any address not on this list has not been verified. If you've seen other "Nexus mirrors" anywhere, check them here before using them. See the EFF threat model for why this matters operationally.
Mirror architecture — four independent Tor hidden services, one shared backend.
§04 · link questions
Mirror and verification FAQ
Questions specific to the Nexus link directory and verification process. For setup and access questions, see the entry guide.
What is the Nexus mirror system?
Nexus runs four independent .onion addresses that all connect to the same backend. They share the same user database, wallet balances, listings, and message inbox. If one mirror is slow or unreachable, any of the other three will get you in. No data loss, no re-registration required. The four-mirror architecture exists primarily as DDoS protection — an attack on one address doesn't affect the other three.
How do you verify these Nexus links are real?
Every address on this page was sourced from a PGP-signed announcement on Dread. We verify the signature against the Nexus admin public key using GnuPG before publishing any address. A bad signature or an unsigned message is treated as compromised — those addresses never appear here. Links are re-verified every 24 hours. The methodology section above walks through the three-step process in detail.
What happens if a mirror goes down?
Use any other mirror from this page. All four connect to the same Nexus system. If all four are simultaneously unreachable: refresh your Tor circuit with Ctrl+Shift+L in Tor Browser, then retry. True platform-wide outages are rare — Nexus has maintained 97.6% composite uptime across mirrors in the trailing 30 days. Multi-mirror outages lasting more than 30 minutes have occurred once in the past six months, during a coordinated DDoS campaign. Recovery took under four hours.
How often are the Nexus links updated?
We verify links every 24 hours against current PGP-signed Dread announcements. When Nexus rotates a mirror address — typically after a sustained DDoS attack or after an address is flagged as compromised — we update within hours of the signed announcement appearing on Dread. The timestamp in the page header reflects the most recent verification run. We've updated the address list on four separate occasions since launching this directory in early 2024.
Why does Nexus use multiple mirror addresses?
DDoS protection and load distribution. A single address is a single attack target. Four mirrors split incoming traffic and ensure that a volumetric DDoS against one address does not take the whole platform offline. When one mirror absorbs an attack, the other three remain unaffected and the platform stays accessible. This architecture is now standard among serious Tor markets. Any market running only one address in 2026 is making a reliability decision they'll regret.
How do phishing Nexus sites get detected?
Phishing sites cannot replicate a valid Tor v3 .onion address without the corresponding private key — that key is held only by Nexus. They generate a different address and rely on visual similarity and user inattention. Detection is straightforward: compare the full 56-character address against the four published here. If it doesn't match exactly, it's fake. The visual clone can be pixel-perfect. The address cannot be faked. That distinction is the entire defense.
Can I bookmark a Nexus mirror link?
Bookmarking a verified address is reasonable, but bookmark this page as well. Nexus occasionally rotates mirror addresses after sustained DDoS attacks or when an address is considered compromised. If your bookmarked address stops responding, come here for the current verified list rather than searching elsewhere. Outages are when phishing campaigns intensify — they specifically target users searching for alternative access points while frustrated. Having this page bookmarked removes that vulnerability.
What is Dread and why do you use it for verification?
Dread is the largest darknet forum, functioning as the community notice board for major markets. Nexus posts PGP-signed announcements there when mirror addresses change. Because posts are PGP-signed by the Nexus admin key, any tampering with the message content breaks the signature and is immediately detectable. It's the most tamper-evident public channel Nexus uses for official communications. We treat an unsigned Dread post from the Nexus account as potentially compromised — the signature is what makes the announcement trustworthy, not the posting account.
Why don't the Nexus mirrors use HTTPS certificates?
Tor v3 .onion addresses are their own cryptographic authentication layer. The 56-character address is derived from the service's public key — connecting to that address proves you reached the service that holds the corresponding private key. HTTPS certificates are issued by external certificate authorities, which don't operate inside the Tor network and add no meaningful security when the address itself provides end-to-end cryptographic proof of identity. Adding HTTPS to an .onion address would be redundant. Tor Browser indicates this correctly by showing the onion icon instead of a padlock. That icon means you have stronger authentication than HTTPS provides.
Copy a verified link. Open it in Tor. Done.
All four mirrors are online as of April 21, 2026. PGP-verified, not guessed. Scroll up for the copy buttons, or use the one below. For setup help see the entry guide and the platform overview.
