Technical FAQ Database

DrugHub operates exclusively as a Tor Hidden Service (V3 Onion). It utilizes a distributed server structure to mitigate DDoS attacks and relies on Monero (XMR) for all financial settlements within the ecosystem. The infrastructure does not interface with the clear web or standard DNS systems.

Connectivity issues typically stem from Distributed Denial of Service (DDoS) attacks targeting the Tor network entry nodes, or scheduled server maintenance. The decentralized nature of Tor can also introduce latency unrelated to the market's specific uptime. Users are advised to rotate mirrors if connection timeouts occur.

Authentic mirrors are cryptographically signed using the market's official PGP key. Users should verify the PGP signature of any message containing a new URL against the known public key imported into their keyring. Never trust unsigned links found on forums or wiki pages.

Access requires the Tor Browser. For optimal security, Javascript should be disabled (Security Level: Safest). The architecture relies on pure HTML/CSS for core functionality to minimize attack surface, meaning the site functions fully without client-side scripts.

The system utilizes a cryptographic challenge-response mechanism. When a user attempts login, the server presents a random encrypted message. The user must decrypt this message using their private PGP key and return the decrypted token. Verification of the decrypted content authenticates the user without transmitting a static password, rendering phishing attempts involving fake login pages ineffective.

Yes. The architecture enforces PGP-based 2FA for sensitive actions including withdrawals and account settings changes. While the initial login may be passwordless or password-based depending on user configuration, PGP verification is unavoidable for high-security interactions.

A Warrant Canary is a regularly updated, cryptographically signed message stating that the administration has not been compromised or served with a warrant. If the canary expires or disappears, users are architecturally advised to assume the infrastructure is compromised.

The infrastructure is designed as an XMR-only (Monero) environment. This design choice leverages Ring Signatures and Stealth Addresses to obscure transaction graphs, unlike the transparent ledger of Bitcoin. All wallets within the market are generated as subaddresses to the main cold storage.

Funds are held in a central market wallet (Standard Escrow) until the buyer confirms receipt of the order. The system logic prevents the vendor from accessing funds until this confirmation signal is received. In the event of a dispute, administration keys can unlock the funds to either party.

To prevent funds from being locked indefinitely, the escrow smart contract includes a timer (typically 7-14 days depending on physical goods or digital items). If no dispute is filed within this window, funds are automatically released to the vendor's wallet balance.

Captcha failures are often caused by Tor circuit latency exceeding the session timeout. If the page loads slowly, the captcha token may expire before submission. refreshing the circuit (New Identity) usually resolves this synchronization issue.

Monero subaddresses are generally valid for a specific window or rotation. However, addresses generated by the DrugHub architecture are typically linked permanently to the user account ID. While funds are usually recoverable, the system does not auto-credit deposits to rotated addresses. A support ticket is technically required for manual blockchain scanning.

Upon registration, a 12 or 24-word seed phrase is generated. This seed is the cryptographic key to the account's localized database entry. If a user loses their password or PGP key, the mnemonic allows for the resetting of credentials. Without this seed, account recovery is mathematically impossible due to the encryption standards used.