News Feed
  • DrugHub has agreed to fully refund all users who lost money in the SuperMarket exit scam.  
  • Retro Market has gone offline. Circumstances of the closure unknown.  
  • SuperMarket has closed following an exit scam by one of the admins.  
  • The admin of Incognito Market, Pharoah, has been arrested by the FBI several months after exit scamming.  
  • Silk RoadTorhoo mini logo
  • darknet markets list
  • Popular P2P exchange LocalMonero has announced it is closing.  

Vendor Changed PGP Keys : OpSec | Torhoo darknet markets

Unsure of what protocol looks like for this. Did my first deal with BidenDaddy on arch at the start of the month. Custies liked it so I went to place a bigger order and all of sudden the vendor's pgp key has been changed. I was looking at the desciption and I noticed that they had a few orders not scan in a few months back. I guess I'm just a worried that there is a potential compromise. The new pgp on the profile isn't the same as the one on dread either. Just a bit sus rn ngl
/u/vitamphetamine
1 points
3 months ago
The correct procedure for changing keys is signing the new key with the old one. So if you've imported the new key (no harm in that) run gpg --list-keys, find the one you're looking for and run
gpg --check-signatures KEY_ID
(KEY_ID is the long hex-number shown before the key's name and email). If you had imported the old key you should see the number of "good signatures" in the resulting output. If you didn't, run the above command with "--show-signatures" instead of "--check-signatures". You should at least get the IDs of the signer(s) as a result. Decide yourself if you trust them.
/u/BidensWarAid
2 points
3 months ago
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

we did in fact change PGP key.

Here is a signature of our old key
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEE0UkdoWmSl4c9L8hZ8+O/hz3ylGAFAmfvXVEACgkQ8+O/hz3y
lGAAXwwA11RhBfuwzgyZMiTiwco6r7+qCSOg7EGhAx83/TTK10BODvDDX2/6lNJl
rhkZUX3OWkd4S5AOHmpf/jYCVyKR4QHDvR/5Zlvyc/NpkF6pfrG/yUDWmN7Ge2wu
FS4zaQ60bgwkll02mldWnNtkh8KeJC12ZhJ1ucXaVvAEkGNfepVFuLTp+m0fxif4
xHu1I5I0iap2FVQ1ekdmdIQb5DByOkfW425hyf++GpyTiSfHiXE5T6fdEHZgBdrH
I7kz92R8A1Tq0cGHxHpisLCT55qfXj/reSPcMO2LnBIjPtnzoVecY5HxfQTO9dqo
KVP8T/phg/339QmlyzQiwgpfcAbQ0WXOEOXwGG+KAk2h94i8MdSnxnRi73yfKSRk
CIMIzxPn/XAgde0cd9xRDaTJu66dpz3fG3dhCm++nDHt6emPabcnyJ6MsxcKWb03
wyfq12b0yYaIxmqJ4Tvw23RA3EyPymcOdi1/TdgLQU4aAlrlKS3cJB2H9+V/fZ2g
kozxydXW
=D0Rj
-----END PGP SIGNATURE-----


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Here is a signature of our new key
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEYuab/szESD2BKkLe/XqRSlciUssFAmfvXWYACgkQ/XqRSlci
UsviRgv/fzughOUjOLcYki+gJTZZssgpBV3aMI1JJmIjHAbehpmk6TKoZ/vzLs94
Bef98c1+B79Zwoymos8YntPdi60Tfgcp4Iso/PR4jlubZdFO1WIky4j73OV4Dxm4
auKtSoQmr5S+sGtYGlfWOpMZQt4nkRB8l5k8xU2qh7LCREv7uMHFZ2dXAlXgJLNC
nwKoHLIEUFMVxsd1bh14Fj9F72UtNEP4ekRIOY2W+dmn45uMBIzQW1YwTx33/8fK
GL1WdHjzgxiscFekEZaSoVPeAvm6SFPLxwBxqno4uTNZYZnOb4Z22MJi0k18hVsJ
1U8ZsatlVRTQ1VLkQKuhdLKRN5DlCgPgetvw3RBOUA31viJsyoJFrBM+P1Ias/37
tgjBj94NBA8Fg1PRraH7LOjELqN3C7EcN4r1p/NRmFAJ4z0yGwSJupJXkmhI/i/Z
DmEF/1m8LeSpRSg79wXoh7oKAqgWGU3va8v0cVJiC3EXTRUUsDo6/AfN43Q2a1Jd
dMQeNMl7
=Ilfr
-----END PGP SIGNATURE-----
/u/asfaleia ⚔️ασφάλεια⚔️
2 points
3 months ago
Can you ask the vendor for his original key signature for the new key? if he is not able to provide that, it could mean compromise. This would work only if the vendor didn't have the 2-factor authentication enabled, otherwise he would not be able to get to the account without the PGP private key.

You can also try to contact the website admin and check with them for vendor's suspicious behavior.
/u/sl0sh
1 points
3 months ago
Do you mean their comms key? I know some (all?) vendors change it on a monthly basis. They may have just forgotten to update it on Dread.
  • Sponsors
VigorSwap Instant Crypto Exchange
FraudGPT

  • Explore Torhoo!

© Torhoo! 2025

All links are for educational and research purposes only. Torhoo! does not vouch for any site.

Advertise on Torhoo