Questions Covered on Other Pages

To prevent duplicate answers, these topics have a single owner page each:

Payment & Escrow

DrugHub is one of the few generalists with a true triple-coin checkout, so the choice is a real trade-off:

  • Monero (XMR): best privacy — amounts and counterparties are hidden on-chain. Default to it for anything sensitive.
  • Litecoin (LTC): DrugHub's speed/fee sweet spot — much cheaper and faster than BTC, but transparent on-chain.
  • Bitcoin (BTC): easiest to source, also transparent. Deposit from a fresh address if you use it.

Whichever you pick, fund from a fresh address/subaddress and wait for the confirmation count DrugHub displays.

Yes — multisig-style escrow is selectable at checkout, and we treat that (plus vendor bonds) as a baseline before listing a market. Use it like this:

  • Small/test orders: standard escrow is fine.
  • Higher value: choose multisig so neither the vendor nor DrugHub alone can move the funds.
  • Finalize Early: avoid it with new vendors — it removes your protection. Prefer bonded sellers with deep dispute history.

Accounts & Phishing

DrugHub is the most heavily cloned brand we track — the LTC/BTC cash-out makes it worthwhile for phishers. Protect yourself:

  • Only ever open the endpoint from the DrugHub hub page, and read the whole onion string — not just the drughub prefix.
  • Be suspicious of any "register" page asking for an email or an upfront activation payment.
  • Expect your PGP 2FA challenge on login; its absence means you are on a clone.

Your only key back in is the recovery mnemonic from sign-up. On the real login page, use the recovery option and enter the words in order to set a new passphrase. There is no email reset and no support backdoor — if the mnemonic is gone, so is the account and any escrowed balance. (This is why the registration guide says to test the phrase before depositing.)

Once you upload a public key and enable 2FA, every login shows a short ciphertext you decrypt locally with your private key, then paste back the result. A stolen passphrase alone is useless without your key — which is exactly why a clone that skips this prompt is a red flag. Setup steps are on the registration guide.