How to proceed further with Archetyp? : OpSec | Torhoo darknet markets

As I'm sure everybody here already knows, Archetyp went down and at the time of posting is still under maintenance. While I'm not concerned about my OpSec currently, as I've used PGP to encrypt all the sensitive information and used my own monero node to send all transactions, what I'm thinking about is how to proceed further. While we have received a message from https://torhoo.cc/go.php?u=TDNVdlFtbG5RbTl6YzBOb1pXWlBaa0Z5WTJobGRIbHc=# signed with his PGP key, it was only very brief and in case of a LE seizure they might have seized his PGP key somehow. I'm not trying to spread FUD and there is no real evidence that this is a seizure, but there have been some fishy aspects going on with the clearnet mirror bouncers for example. What I'm getting at is how do we know that everything is truly alright when the market comes back up? How do we trust it? Is encrypting your address with PGP really enough, if in the worst case the LE are running the service? Could they for example substitute all public keys with their own, so that people who don't have the PGP key saved would fall for it? I mean if you get the key from the same website you're sending the encrypted messages they could create a key, disguise it as the public key of the vendor, then if you encrypted your address with that key, they have access to that info, because it's their key and then they'll just re-encrypt the data with the real key and forward it to the vendor. Same goes for the buyer. Unless you verify the public key with another source there is no way of knowing.
So: What questions would need answering and what measures to be taken so that we can trust Archetyp again? Will a more detailed explanation signed with BigBoss' key be enough? Would we just have to wait some time to see if people get busted?
/u/soul_m
2 points
1 month ago
I am not a supporter of conspiracy theories and other nonsense, but if after this someone wants to work with a person who violated all the security rules, then it is suicide. There are simple things: a person disappeared, a person also turned off the backend, a strange situation arose around the frontends, all this is not so strange, if there was a takeover, then this is just an analysis of his project now. In any case, a violation of backend security is a consequence that cannot be lived with - no announcements, no explanations, no presence in the current situation the admin did - what else is needed to understand that it is over and this project is dangerous and should be avoided - no statement in the future can be true after a crushing fall.
/u/AdvancedGeographics 📢
1 points
1 month ago
Agreed. I've gotten unlucky and had placed an order just before maintenance, but after that shit's been shipped, I'm out of there. I don't believe I owe anyone any loyalty on the dark web and there just isn't a point to be sticking with Archetyp at this point. A lot of people have been complaining about UI on other markets, but I believe good opsec is sometimes opposite of convenience. XMR and Escrow aren't a new technology exclusive to Archetyp and you can find a lot of things on other markets as well. Some of the vendors are even migrating from Archetyp for this very reason. I think it really is the best course of action to abandon Archetyp in favor of any other superlist market.
/u/thauma1
1 points
1 month ago
As long as you manually encrypt all your messages to vendors, you will be fine. LE would only have Boss' PGP key, not the vendors, so they could not do anything about you using the platform to buy drugs.
/u/AdvancedGeographics 📢
1 points
1 month ago
Yes, but if you get your vendor's PGP key from Archetyp? I mean if they control with what keys you encrypt the message and receive the message with it, because they have hypothetically control over Archetyp, they could display fake vendor keys and decrypt all messages encrypted with them. Same goes for buyers. If a vendor wants to send you a message, the only place they'll know your PGP key from is the market itself, in which case LE could swap your real key with their own and then decrypt the message sent to you, save it and re-encrypt it with your real PGP key. From your perspective you won't notice a thing. The message is encrypted with your real PGP key and signed with the real vendor key. To you nothing has changed, but all of a sudden the feds can read your messages.
/u/thauma1
1 points
1 month ago
That's a very good point, but you can work around it as a buyer fairly easily, and that would be noticed very quickly in my opinion. To work around it, only use vendors you have used previously, and look at your keychain in Kleopatra and compare the two keys of the vendor.
/u/AdvancedGeographics 📢
1 points
1 month ago
Yea that is true, that's probably what I'll do as well. Since I've got their public key already, I'd just use that.
/u/1800slime
1 points
1 month ago
Got back into archetyp and everything in my wallet is gone
/u/AdvancedGeographics 📢
2 points
1 month ago
Hate to break it to you, but you probably got phished. Archetyp is still down. If you accessed it via a link somebody shared and it seemed "up", that was fake and your login details are gone.
/u/1800slime
1 points
1 month ago
it was a link ive used many times from my persistent.
/u/AdvancedGeographics 📢
1 points
1 month ago
This is weird, but there always is a 2fa with having to verify your PGP key. The only reason it wouldn't be there, is that they don't actually have your PGP key, because it's a phishing site. The main mirror is still in maintenance.
/u/1800slime
1 points
1 month ago
yeah super weird, the link i used is from months ago so idk i hope someone doesnt have my info now.
/u/1800slime
1 points
1 month ago
Also some links take me to maintenance page, some to problem loading onion site, and one took me to the login page where i didnt have to decrypt the pgp message and it took me straight in however all my favorites, messages, order history and funds in my wallet were gone
/u/PacificShelf
1 points
1 month ago
I had long suspected the boss of Archetyp was going to exit scam at some point. The "lottery" they have on their site was like a giant pool of public funds being collected just for that purpose lol
As everyone says, as long as you always PGP encrypted, you should be good.
But, one thing comes to mind, remember incognito, remember he tried to blackmail people because his servers secretly saved sensitive information from people not using pgp, you know archetyp has 14 days before deleting dms you send to vendors, if they get seized, what is it to say past messages got in fact deleted after 14 days?
I used pgp even in dms when asking shit, but vendors usually dont answer back in pgp (bad practice), I did everything right, but what if these clear responses are still saved somewhere on the server and these vendors fucked me somehow?
/u/PacificShelf
1 points
1 month ago
unless there was personal information in those messages you will be fine.
/u/misterjonesy
1 points
1 month ago
I'm in the same situation. Vendor sent me tracking number unencrypted.

It's not quite personal info, but I feel like they can probably obtain the delivery address from that...
/u/Ghwbushsr
1 points
1 month ago
they ABSOLUTELY can obtain the delivery address with that

which vendor? don't protect em. Now they have evidence of a delivery to your address
/u/misterjonesy
2 points
1 month ago*
Malavitta.

They also used the worst decoy I've ever seen. They weren't responsive to my concerns about this either.

Shame really, because they were otherwise super-professional - very fast fulfilling and sending, very responsive, and excellent product.
/u/malavitta
2 points
1 month ago
Hello, we have always sent tracking numbers with Safenote, so once seen, it is no longer seen. Is our stealth bad? Are you the first to say that our stealth is bad, when many people have said that it is the best they have seen since buying in these markets, but it is your opinion and I accept it.
/u/misterjonesy
1 points
1 month ago*
You're right! I apologize about the tracking number comment. I forgot about the Safenote link; that's what was sent unencrypted. Assuming that really is a single-use link that can't be recovered by LE, there's no compromise of privacy there :)

But the decoy was surprisingly bad, especially given the reviews and comments you received about your stealth. I can't comment to the standard of your stealth generally, it was my first order. Would you like me to PM a photo of what I received?
/u/malavitta
1 points
1 month ago
yes bro,please
/u/PacificShelf
1 points
1 month ago
yeah that's not ideal