DrugHub Market FAQ
Escrow, payments, and account operations — trust, endpoints, and signup live on dedicated guides.
Quick Navigation
Questions Covered on Other Pages
To prevent duplicate answers, these topics have a single owner page each:
- Verified onion endpoints / mirrors — DrugHub hub page (only page that lists addresses)
- Is DrugHub down? Uptime & outages — Status monitor
- Is DrugHub legit? Pros, cons, verdict — Market review
- How to sign up, PGP, mnemonic — Registration guide
Payment & Escrow
DrugHub is one of the few generalists with a true triple-coin checkout, so the choice is a real trade-off:
- Monero (XMR): best privacy — amounts and counterparties are hidden on-chain. Default to it for anything sensitive.
- Litecoin (LTC): DrugHub's speed/fee sweet spot — much cheaper and faster than BTC, but transparent on-chain.
- Bitcoin (BTC): easiest to source, also transparent. Deposit from a fresh address if you use it.
Whichever you pick, fund from a fresh address/subaddress and wait for the confirmation count DrugHub displays.
Yes — multisig-style escrow is selectable at checkout, and we treat that (plus vendor bonds) as a baseline before listing a market. Use it like this:
- Small/test orders: standard escrow is fine.
- Higher value: choose multisig so neither the vendor nor DrugHub alone can move the funds.
- Finalize Early: avoid it with new vendors — it removes your protection. Prefer bonded sellers with deep dispute history.
Accounts & Phishing
DrugHub is the most heavily cloned brand we track — the LTC/BTC cash-out makes it worthwhile for phishers. Protect yourself:
- Only ever open the endpoint from the DrugHub hub page, and read the
whole onion string — not just the
drughubprefix. - Be suspicious of any "register" page asking for an email or an upfront activation payment.
- Expect your PGP 2FA challenge on login; its absence means you are on a clone.
Your only key back in is the recovery mnemonic from sign-up. On the real login page, use the recovery option and enter the words in order to set a new passphrase. There is no email reset and no support backdoor — if the mnemonic is gone, so is the account and any escrowed balance. (This is why the registration guide says to test the phrase before depositing.)
Once you upload a public key and enable 2FA, every login shows a short ciphertext you decrypt locally with your private key, then paste back the result. A stolen passphrase alone is useless without your key — which is exactly why a clone that skips this prompt is a red flag. Setup steps are on the registration guide.