In this guide we explain everything you need to know to get connected to the Tor2Door darknet market.
Tor2Door is a mid-sized darknet market that offers a large range of items; most of which are currently being offered on other markets. Though underground and slow to build a base of quality vendors, Tor2Door has directly benefitted from the string of recent market closures which have left many buyers without a place to shop and vendors without a place to vend. This situation has propelled them only recently into the limelight, attracting a lot of both positive and negative attention in the process.
We appreciate the simplicity of Tor2Door’s design and interface. It appears to be almost too simple, but behind it are some intricate elements that provide one of the most secure and risk-free darknet market experiences possible (when used correctly, of course). We appreciate that it accepts Monero (XMR) in addition to Bitcoin (BTC) and that they offer a multisig payment option for larger purchases (though it is not employed by many vendors). Tor2Door also supports two languages in addition to English: Spanish and German. Little things like this suggest that the admin(s) really do try to provide a comfortable experience for the user, suggesting they are not in this for the short term only.
In terms of what is acceptable for sale at Tor2Door, pretty much anything goes, except for the usual no-nos, which now include fentanyl. The market does not employ a captcha system, somewhat thankfully, but it is the persistent target of DDOS attacks. Instead of overly-annoying captchas, Tor2Door simply hosts a collection of recent mirrors on their site which revolve somewhat frequently. They also maintain an active presence on darknet social media where they field questions from users and announce new features. One such interesting feature recently revamped by Tor2Door is their BTC/XMR exchange service, which they claim processes coin swaps instantly and of any size. They offer a flat 2% fee for this service.
A few of the downsides of Tor2Door are that it is a bit limited in terms of vendor selection, there is no way to tell the level of experience of a vendor while browsing listings, and there are almost no reviews or purchases of any of the currently listed products. This does create somewhat of an aura of a ghost town for the market, though veteran vendors do exist here (they are just hard to locate). This problem exists despite the prevalence of listings, creating a huge listings-to-sales ratio. The market seems to be fine outside of this bit of a spam problem, and we can recommend it at least to the degree of one sale at a time.
Basic Facts about Tor2Door
- Tor2Door Market link: tor2duf4e5fmvwj5sanpgftjl5pstswkybj2w47ehs73hd4bmscihlqd.onion
- Year founded: 2021
- Cryptocurrencies accepted: Bitcoin (BTC), Monero (XMR)
- Total Product/Service listings: 12,500
- Listing Categories: Fraud, Drugs & Chemicals, Digital Products, Counterfeit Items, Jewels & Gold, Services, Software & Hosting, Others
- Multi-signature escrow? Yes
- Finalize Early? Yes
- Cost of vendor bond: $300 (waived for established vendors)
Before Getting Started
Before attempting to use Tor2Door or any darknet market, there are some rather sophisticated concepts of which you must first be aware:
- Cryptocurrency transacting. You must know how to send and receive cryptocurrency; chiefly Bitcoin and Monero. If you plan on making multisignature transactions, you will also need to know how to do that as well.
- OpSec. Short for Operations Security, OpSec (as it applies to the dark web) is the art of limiting your online movements in a way that reveals as least information about yourself and your identity as possible. For instance, good OpSec entails never incorporating details from your personal life or other online identities into your darknet market usernames. Another pillar of darknet OpSec is never making a deposit to a market wallet straight from a crypto exchange.
- The Tor browser. You must have the Tor browser installed on your computer to visit hidden sites like Tor2Door. You should also know how to use Tor in such a way that you can maximize online privacy and thus retain good OpSec.
Disclaimer: This guide is for research purposes only and should not be construed to be advice; legal or otherwise. The authors of this guide do not condone activities that are illegal in your jurisdiction or others. Use the contents of this guide and/or Tor2Door at your own risk.
Don’t Get Phished
Making a deposit to a phishing site is the #1 people lose money while trying to transact on a darknet market. They often look the same as their target, indistinguishable in every way… except for a few major ones. The Tor2Door admins are plenty aware that their site is the subject of several impostors hoping to trick the unaware into depositing coins onto their fake sites.
This is about the maximum they can do to help prevent you from being phished; after that, it’s up to you to make sure you are on a verified link and not a phishing one. Be safe and double-check your link’s legitimacy every time — especially when using a link for the first time.
Creating an Account
Tor2Door features an extremely simple account creation process. To begin, first find a mirror from a verified link and arrive at the Tor2Door login page. Next, click on the “Create an Account” and fill in the following fields with your uniquely created information:
Press “Register” at the bottom of the screen after everything has been entered. If your username hasn’t been taken, you will be brought to a new screen that features your account mnemonic. This is a string of random letters and numbers that will allow you to access your account should you happen to get locked out of it.
After saving your mnemonic somewhere secure and where you will remember where it is, press the blue button underneath it to continue. Your account is now officially created, and you will now be transported to the main market page where you can begin browsing.
Setting a PGP Key
Using PGP is a must for today’s darknet market experience, and Tor2Door requires all vendors to use it at all times. To configure your PGP key, first hover over your username in the upper-right corner of the screen and select “Edit Profile”. You will be brought to the Account Settings tab by default. Notice how there is a text box in which you can add a description about yourself and also a place in which you can upload an avatar. We highly recommend against using either one of these options. Instead, click on the “Security Settings” tab, which is the third option down.
The second text box in this tab, titled Two-Factor Authentication, is where you will paste your PGP public key, which will look something like this when correctly entered:
Note there is a slider to enable 2-FA upon login. Enabling this feature means you will have to decrypt a message and paste a special code each time you want to log into the market. We recommend it if you feel you are at particular risk of someone logging into your account (if you use a public or otherwise shared computer, for example). After pasting your PGP public key in the box, press “Update” to continue. If everything goes according to plan, you will be brought back to the Profile Edit screen and presented with a message that says “Two-Factor Authentication successfully updated.” You will then be able to see your PGP public key saved in the text box and are ready to continue.
Making a Deposit
To make a deposit, hover over the Wallet menu option and click on the coin you wish to add (BTC or XMR). Note that Tor2Door will exchange your coins for you if you don’t have XMR (or BTC) for a 2% fee. This can be a great way to pick up XMR for those who otherwise wouldn’t have access to it. Of course, you should never deposit coins to a darknet market wallet directly from an exchange; regardless of whether those funds were specifically designated for purchases. We will be depositing XMR for the sake of this example.
Notice how unlike most darknet markets, XMR addresses are reusable on Tor2Door, for up to 7 days. We recommend never using them more than once, which implies not making more than one deposit per week. Deposits are credited to your account balance within 1 confirmation by the network (for BTC and XMR).
Note how the market also provides you with the option to verify the address. We recommend utilizing this feature as it is the best way to assure you aren’t about to get phished. Clicking on “Verify Address” launches the following popup:
There are a couple ways to verify the message. The old-fashioned way is to add the market’s key to your PGP utility and decrypt it from there. The other is to use an online decryption service like that hosted at darkfail. Both methods require that you have the market’s PGP key. On the real Tor2Door site, this key will be found at the bottom the website, in the footer area. Using darkfail’s PGP tool, the results of a verified message sent by the real Tor2Door would look like such:
You can now be assured that your deposit will be made on the real Tor2Door market site.
One of the other options to configure in the Edit Profile section are the settings for multisignature escrow transactions. You’ll only need to do this if you plan on making use of this particular feature, which isn’t supported by the majority of vendors, anyway. Placing an order from a vendor who does support it provides a peace of mind that can’t be delivered with traditional market escrow or pre-payments. Instead, it requires 2 of 3 parties to sign off on the transaction to release funds to the vendor account. This way, if there is a dispute, the market can work with either buyer or vendor to return the funds, and if Tor2Door goes down completely, the buyer and vendor can finish the transaction without the presence of the market.
To ready your account for Multisig Escrow, first hover over your displayed name and then click “Edit Profile”. Next, click the “Multisig Settings” tab. You will also need to have a multisig wallet already set up to generate a public key. The easiest way to do this is to create a new wallet in Electrum, choosing the Multi-Signature Wallet 2/3 option. You can locate you BTC public key by clicking Wallet->Information. It usually begins with “xpub” or “ypub”. Next, paste your Tor2Door mnemonic, BTC public key and corresponding address in the spaces provided.
Press “Update” when you are ready to attach the BTC Public Key to your account. If everything is correctly entered, you will get a message confirming the key has been attached to your account, and you are now ready to begin making multisig transactions on Tor2Door.
One of the best parts about Tor2Door is its interface. It is exceptionally straight-forward and makes the market extremely easy to navigate.
Listings on Tor2Door are divided into the following categories (and subcategories):
- Fraud (Accounts & Bank Drops, CVV & Cards, Personal Infos, Others)
- Drugs & Chemicals (Benzos, Cannabis & Hash, Dissociatives, Ecstasy, Stimulants, Opioids, Prescriptions, Psychedelics, Others)
- Digital Products (Guides & Tutorials, Erotica, E-Books, Software, Accounts)
- Counterfeit Items (Clothing, Electronics, Jewelry, IDs/DLs, Fake Passports, Other Items)
- Jewels & Gold (Gold, Silver, Others)
- Services (Carding, Others)
- Software & Hosting (Software & Malware, Hosting, VPN, SOCKS, Others)
Several subcategories are further broken down into sub-subcategories. Unfortunately, there are a lot of spam listings for worthless digital products littered across most major categories (even physical product categories) which can make the browsing process slightly tedious at times. Fortunately, Tor2Door does have a significant number of filters to help narrow down categories with tons of listings. Filters include product type, price, category, payment method, ships from/to, vendor last active, and accepted coins.
Clicking on a listing reveals additional information about it:
Here we can see the product type, payment type, coins accepted by the vendor, amount in stock, pricing in fiat, BTC, and XMR, as well as shipping information and options. Scrolling down a bit we find a series of tabs labeled Product Description (set by default), Shipping Policy, Refund Policy, Product Feedback, and Tags. You’ll want to give the information in these tabs a good read-through before placing an order with a vendor – especially for the first time.
We also recommend reading a vendor’s complete profile before deciding to place an order with them. To do this, simply click the vendor name on either the category results page or the listing page. This will bring up advanced info and statistics for a particular vendor:
This page can give you an idea of a vendor’s level of experience and competence. We see this vendor has been a member of Tor2Door for a little over a year and has managed to accrue 78 sales in that time. We can see they were last online 13 hours ago, that their average buyer feedback score is 4.9 (very high), and they have a Trust Level of 3 (intermediate). Flipping through the tabs in the vendor profile you can also find their PGP key (should you want to send them a message before placing an order) and Feedback left by previous customers.
Placing an Order
After you’ve found an item you wish to purchase, select the shipping option and quantity you desire from the item’s page, then click “Add to Cart”. Next, click the “My Cart” button toward the upper-right corner of the screen to begin the checkout process.
First you will be brought to a screen that will confirm the quantity, shipping, and pricing information. You’ll notice the pricing is displayed in terms of fiat, BTC, and XMR. If this information looks correct to you, press the “Checkout” button to proceed.
Next you will be brought to the order confirmation screen. Here you will select to pay for this order using your BTC or XMR balance, enter your PIN to validate the purchase, and your encrypted shipping information. Tor2Door does provide an auto-encryption option, but we suggest doing this on your own as this is considered to be best practice for OpSec. You can find the vendor’s PGP key by visiting their profile, scrolling down to the profile tabs and selecting the “PGP Key” tab. Import it into your PGP client and use it to encrypt your shipping information. When correctly pasted onscreen, it will look something like this:
Press “Confirm” when you are ready to continue.
There are three different payment methods supported by Tor2Door, though not every vendor employs all three:
- Escrow: this is the traditional, market-held escrow system. Funds deposited to your accounts are set aside for the vendor and released upon the buyer’s finalization of the order.
- Finalize Early: this option is reserved for vendors that have established a certain degree of trust with the market and is basically the same as escrow; the difference being funds are to be released to the vendor after they have marked the item as shipped.
- Multisig: this option requires 2 of 3 parties (vendor, buyer and/or market) to sign off on the finalization of a transaction and is usually only offered by vendors selling high-priced items; it only applies to purchases made with BTC (as XMR cannot support multisignature transactions).
Note that if you choose a Finalize Early vendor, you will need to mark the order as Finalized after you have been informed by the vendor that it has been shipped. You will likewise need to pay close attention to the status of your order when using the Multisig option to make sure the vendor can get paid as quickly as possible. If you are using the regular Escrow method, you should confirm that you have received the order and that it is to your satisfaction before marking it as finalized and releasing funds to the vendor.
If you’re not satisfied with the quality or contents of your order – or your never receive it at all – you can file a dispute which will hold the funds until both buyer and vendor have had a chance to present their side of the case and market moderators are able to come to a decision. Of course, we recommend never having to get to this point in the first place, which can best be avoided during your darknet market experience by sticking with orders from well-experienced, high-quality vendors. The vendor you are dealing with can make or break an experience, and because of the potential risk involved we recommend sticking with those who know what they are doing.
Tor2Door Market URL: tor2duf4e5fmvwj5sanpgftjl5pstswkybj2w47ehs73hd4bmscihlqd.onion
In all, Tor2Door is kind of a mixed bag. They have incorporated some modern elements (such as support for XMR and multisig), some unique elements (BTC/XMR exchanger service), and some traditionally annoying elements (such as the classic market escrow system and the overwhelming pervasiveness of spam listings).
Tor2Door has come quite a long way in the 13 or so months it has been around thus far, and the admins seem to be fairly active in terms of keeping things in working order. Because it does rely on the traditional account wallet system, the chance of exit scam remains omnipresent. Regardless, this problem can be mitigated by never leaving more coins there than needed to cover order at a time. Keeping this in mind and following the instructed we’ve provided, you shouldn’t have any problems with Tor2Door, so long as you are also gifted with a bit of common sense.