Funds & security on ToRReZ Market
Supported cryptocurrencies
We support four cryptocurrencies for the moment: Monero, Bitcoin, Litecoin, and Zcash.
Monero
For the moment, Monero is implemented in Simple Escrow Mode only.
To receive payments in Monero, the Vendor has to provide a Monero address on the settings page. The Buyer gets a new address with every item purchased. After the order is finalized, we release the funds from the address generated for the Buyer to the Vendor's address, which we keep in the Vendor's settings.
For Monero, we use all addresses except integrated ones.
Bitcoin and Litecoin
We strongly recommend that all Vendors and Buyers become familiar with the Multisignature system. It means that more than one key is required to authorize a BTC/LTC transaction. Because we use a 2-of-3 Multisignature application, Vendor and Buyer are always protected.
To receive payments in BTC/LTC, the Vendor has to provide a BTC/LTC xPub, yPub, or zPub key. This is the Extended Public Key we use to generate a BTC/LTC address for every order.
After the Vendor provides us with the Public Key, we can generate a new BTC/LTC address from the Vendor's wallet for every order. We strongly recommend creating a separate BTC/LTC wallet to use with the Market. It is much safer for users to keep their private BTC/LTC wallet separate from the one they use on the Market.
While purchasing, the Buyer needs to provide a BTC/LTC address for a Simple Escrow order. For Multisignature Escrow, we require the address and the corresponding public key. If the Buyer receives a refund from a Simple Escrow order, we send the funds to the given address. In Multisignature Escrow, the Buyer or Vendor has to sign and broadcast the transaction, which the market will provide.
Zcash
We support Zcash purchases with T-Addresses and Z-Addresses in Simple Escrow mode only.
To receive payments in Zcash, the Vendor has to provide the Zcash xPub key, which we use to generate a unique Zcash address for each order.
For Z-Address support, the Vendor has to enter a Z-Address on the settings page.
While purchasing, the Buyer needs to provide either a z-address or a t-address. If the Buyer receives a refund for any order, we send the funds to the given address.
How we manage security on the site
Security over the Tor network and on our market is our priority. We have spent an enormous amount of time making sure that our environment is safe to use.
First of all, we encourage all Buyers and Vendors to use Monero. While Bitcoin is still the most popular cryptocurrency, it is not an anonymous one. We have seen many cases where Vendors, Buyers, and markets got busted just because they were not careful enough with their Bitcoin usage. That is why we actively promote Monero, which is the best solution to keep the transactions anonymous.
We are aware that most users still use Bitcoin. That is why we have decided to make it as secure and straightforward as possible.
We encourage Buyers and Vendors to use Multisignature transactions. This is the most secure method, and it protects both Buyer and Vendor in case of the market's closure.
We strip all EXIF data from the photos. We have also decided to remove as much information about transactions from the site as possible. We do not provide any detailed time of operations and actions taken by Buyers or Vendors. All timestamps are removed from the site to prevent attempts to profile our users.
Because we respect every right to data removal, we implemented "soft deleting" of accounts on request. If a Buyer or Vendor decides to leave the market, all we need is a request for account closure via the support system. All data associated with the account will be safely deleted. The only thing left will be the username, which prevents new accounts from being opened under the same name.
After a particular time, we delete all completed orders from the history. That includes all the conversations attached to the order (such as disputes, auto-delivery, and digital items), so please make sure to save any data you need from your purchase.
We try to push all users to use PGP encryption. All Vendors are required to have a PGP key attached to their account before they can sell. We do not force Buyers to set up PGP on their accounts, but we strongly recommend doing so.
Even though the market provides TOTP authentication, we strongly recommend switching to PGP Authentication. Please be aware that TOTP is not available for vendors.
If you are using Tails with the persistence module enabled, you can configure KeePassXC (included in Tails) to generate TOTP codes for you: right-click the password entry, select "Time-based one-time password", then "Set up TOTP..." (make sure the "Default RFC6238 token settings" option is selected). If you are curious about how TOTP works and what its weaknesses are, there is an article on Wikipedia explaining the whole algorithm.