Skip to content
VORTEX/DNM Get links
SETUP GUIDE · 2026

Vortex Market access guide

Eight steps covering everything from Tor Browser installation through your first order on Vortexdnm. No assumed knowledge. Each step is written to stand alone — if you know Tor already, skip to Step 3. If you are starting from scratch, follow in order.

Before you start, you need:
  • A computer running Windows, macOS, or Linux (or a Tails USB for better isolation)
  • Internet access not blocked at the network level for Tor traffic
  • 30 minutes for initial setup, including key generation
  • A small amount of Monero, Bitcoin, or USDT for your first deposit
01 · GUIDE

Eight steps from installation to first order

The full sequence. Cross-referenced against Tor Project documentation, Monero community guides, and the current Vortex operator knowledge base on Dread.

  1. 01

    Install Tor Browser

    Go to torproject.org directly — not through a search engine result, which may surface mirror sites or promoted links. Download the stable build for your OS. Before running the installer, verify the cryptographic signature published alongside the download. The Tor Project provides both a signature file and their signing key at the same download page.

    On Windows: right-click the installer, run as administrator, allow through Defender if prompted. On macOS: drag to Applications. On Linux: extract the tarball to any directory and run ./start-tor-browser.desktop. On all platforms, the updater runs on first launch — let it complete before navigating anywhere.

    Immediately after launch, click the shield icon in the Tor toolbar and set Security Level to Safest. This disables JavaScript globally, restricts WebGL, and limits fingerprinting surfaces. Vortex loads correctly under Safest. Any darknet site requiring JavaScript to display basic content should be treated with suspicion — it is not a technical requirement for Vortex specifically.

    If Tor Browser shows a connection error on first launch, your network may block direct Tor connections. Use a bridge: click Configure Connection in the startup screen, select Use a Bridge, and choose the obfs4 transport. The Tor Project bridge database provides current bridge addresses.

  2. 02

    Set up a Monero wallet

    Vortex accepts Monero (XMR), Bitcoin (BTC), and USDT on TRON (TRC20). Monero is the recommended starting point. Unlike Bitcoin or USDT, Monero transactions are private by default — amounts, sender addresses, and recipient addresses are all confidential at the protocol level. For a detailed overview, see getmonero.org.

    Download the official Monero GUI wallet from getmonero.org. Verify the signature before installing. During setup, the wallet will generate a 25-word seed phrase — this is the master key to all funds in the wallet, now and forever. Write it on paper. Store that paper somewhere physically secure. Do not photograph it or type it into any device. Do not store it in a cloud service. If the seed is lost, the funds are permanently inaccessible.

    For mobile: Cake Wallet is the widely recommended option in the Monero community. It supports Monero natively on iOS and Android, with full transaction history and privacy controls. Do not use any wallet that requires connecting to a third-party server for key generation — the wallet that generates your private key should be the wallet you control locally.

    To fund the wallet: purchase XMR from a non-KYC peer-to-peer exchange (LocalMonero, Haveno when available) or convert from another currency using an atomic swap. Vortex also has a built-in exchange — you can deposit BTC and swap to XMR inside the platform, which is a reasonable path if you already have Bitcoin. The built-in swap keeps the conversion inside Tor, which is a genuine advantage over using an external service.

  3. 03

    Generate a PGP key pair

    PGP is required for Vortex. You cannot register without uploading a public key, and every login issues a PGP-encrypted challenge that you must decrypt offline. Without a private key in hand, you cannot log in — not even with the correct password. That is a security feature, not a limitation. It means stolen credentials alone cannot access the account.

    On Linux: GnuPG is typically pre-installed. Run gpg --gen-key and follow the prompts. Choose RSA 4096-bit. Set a strong passphrase — this protects the private key if your machine is compromised. On Windows: download Kleopatra from gnupg.org (part of the Gpg4win suite). The graphical interface walks through key generation in about two minutes.

    After generating the key, export the public key (gpg --armor --export YOUR_KEY_ID) — you will paste this into the Vortex registration form. Export the private key to an encrypted backup location: a VeraCrypt volume on a dedicated USB is the standard recommendation. Also generate a revocation certificate (gpg --gen-revoke YOUR_KEY_ID) and store it separately. If the private key is lost without a revocation certificate, you cannot formally invalidate the public key on any keyserver.

    Never keep the private key on the same machine where you use Tor Browser. The separation between the key-storage machine and the browsing machine is the security boundary. Many operators use a dedicated offline machine or an air-gapped device solely for PGP operations.

  4. 05

    Register an account

    Click Register on the Vortex login screen. Choose a username that does not contain any identifying information — no real names, no usernames reused from other services. Generate a unique password using KeePassXC or a similar offline password manager. A password stored only in an offline encrypted database is harder to extract than one stored in a browser or cloud service.

    The registration form will ask for your PGP public key. Paste the exported public key block — beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----. Include the full block including headers. An incomplete paste will cause registration to fail with a PGP validation error. That error message is accurate — do not proceed without a valid key upload.

    After registration, log in once to confirm the PGP challenge flow works correctly before depositing any funds. You will see a text area containing a PGP-encrypted message. Copy that message to a machine where your private key is available. Decrypt it: gpg --decrypt and paste the encrypted block. The output is a short string. Enter that string into the challenge response field on Vortex. Successful decryption confirms the key pair is working correctly end-to-end.

  5. 06

    Understand and use PGP 2FA on every login

    Every login to Vortex issues a PGP challenge — a random string encrypted to your public key, which you must decrypt and submit. The process takes about 30 seconds once you have a working workflow. Decrypt offline — ideally on a machine that has never been connected to the internet while the private key was present, or at minimum on a machine with full-disk encryption.

    The practical workflow most operators use: maintain a KeePassXC database with the account password, and a GnuPG installation or Kleopatra on a separate encrypted machine. Log in to Vortex from the Tor machine, copy the PGP challenge, physically transfer it (or use an isolated local network) to the GnuPG machine, decrypt, transfer the result back, enter into Vortex. This sounds slow. It takes about 90 seconds in practice and is considerably harder to attack than any password-only authentication scheme.

    Do not use browser-based PGP implementations (like Mailvelope) for the challenge-response. They introduce the private key into the browser context, which breaks the security model. The private key should never be present in a machine running the Tor Browser session. That is the boundary the threat model depends on.

  6. 07

    Browse listings and evaluate vendors

    After logging in, the dashboard sidebar shows category navigation. Vortex had 20,543 active listings across all categories as of April 2026. Use the search and filter functions to narrow by category, price range, and shipping region. Vortex shows vendor feedback scores on each listing — the aggregate rating and the number of completed orders are the two most informative signals.

    For your first order, filter to vendors with at least 200 completed orders and an average rating above 4.6. Ignore listings without visible feedback — newly approved vendors have not established a track record. Read the recent individual reviews, specifically any that mention shipping time and packaging quality. Those are the operational details that matter. Generic five-star reviews without content are less informative than a four-star review that describes the exact packaging method.

    Check whether the vendor uses Finalize Early. FE-only vendors release escrow before delivery is confirmed. For a first purchase from a vendor you have not used before, this transfers all the risk to you. Standard escrow vendors retain the 14-day window for disputes. Use standard escrow for all initial orders with a new vendor, regardless of their overall rating. The escrow window is the protection mechanism — use it.

    Message the vendor before ordering if you have any questions about shipping specifics. The Vortex messaging system supports PGP-encrypted messages — use it. Any vendor who asks you to communicate outside the platform (Telegram, email, external signal) should be treated with extreme caution. Vortex's messaging keeps the conversation within the platform's dispute record.

  7. 08

    Place the order and manage escrow

    Deposit funds to your Vortex wallet using the deposit address generated in your account. Send the amount in a single transaction — most vendors specify a minimum order amount, and the deposit address is fresh per transaction. Once the deposit confirms (XMR confirmations take 10 to 20 minutes; BTC is slower), the balance appears in your account and you can proceed to checkout.

    At checkout, confirm the shipping address is correctly formatted and encrypted if the vendor requires PGP-encrypted shipping details — most do. Submit the order. The escrow clock starts when the vendor marks the order as shipped. The standard 14-day window begins at that point. Note the auto-release date in your calendar. If there is a problem with the order, you must open a dispute before the window expires.

    Document everything from the moment you place the order: screenshots of the listing, the order confirmation, any vendor messages. The side with better documentation wins the majority of Vortex disputes. The mediator assigns decisions based on evidence. A dispute with no supporting materials against a vendor with tracking information is likely to resolve in the vendor's favor, regardless of what actually happened. Evidence collection is not optional — it is the mechanism.

    If the order arrives correctly, finalize within the 14-day window or let it auto-release. Leave a detailed review. Vendor reputation is the information infrastructure the next buyer uses to make decisions. A review that describes shipping time, packaging quality, and product accuracy takes two minutes to write and is worth considerably more than a star rating alone.

# Generate 4096-bit RSA PGP key (Linux / macOS GnuPG)
gpg --full-generate-key
# Choose: (1) RSA and RSA, 4096 bits, 0 = does not expire
# Then export public key:
gpg --armor --export YOUR_EMAIL_OR_KEY_ID > vortex-pubkey.asc
# Decrypt a PGP challenge:
echo "-----BEGIN PGP MESSAGE-----
...paste challenge here...
-----END PGP MESSAGE-----" | gpg --decrypt
02 · OPSEC

Operational security beyond the basics

The eight steps above cover getting access. These nine practices cover keeping it. They are drawn from operator consensus on Dread, the EFF's Surveillance Self-Defense guide, and the Privacy Guides recommendations.

Session isolation

Use Tor Browser's New Identity between distinct activities — registration, deposit, browsing, ordering. Each identity change flushes the circuit, session cookies, and browser state. It does not change your account session if you are already logged in, but it changes the network path. Tails OS automatically isolates sessions at the OS level — each boot is a clean slate.

Air-gapped PGP operations

The gold standard: a machine that has never been online since the PGP private key was generated. Decrypt challenges on this machine, transfer the decrypted string physically (type it, use a QR code on paper, or write it down). This eliminates the entire class of network-based private key extraction attacks. A Raspberry Pi purchased with cash and never connected to a network is a practical implementation.

Full-disk encryption everywhere

All machines involved in Vortex activity should have full-disk encryption enabled. On Linux: LUKS during installation. On macOS: FileVault. On Windows: BitLocker (or VeraCrypt for whole-system encryption without TPM dependency). Without full-disk encryption, physical access to the machine extracts wallet files, key files, and browsing history regardless of what the OS access controls say.

Monero transaction hygiene

Monero's protocol provides confidentiality by default, but some practices reinforce it. Use a new subaddress for each transaction — the Monero GUI generates these automatically. Do not reuse addresses between deposits. Avoid using exchanges that require KYC when converting to XMR. The Monero community maintains a list of no-KYC exchange options.

No screenshots of onion addresses

Photographs of screens showing active onion sessions, account balances, or order details are a common source of operational exposure. Image metadata, reflections in glasses or screens, and background details have all been used in operational security failures. If you need to share information about an order with a vendor, use the in-platform messaging system. Not screenshots. Not external channels.

Compartmentalization of accounts

Your Vortex account should share no information with any of your real-world identities: different username, different email if required, different PGP key, different password. Never use a Vortex username that you have used or would use on clearnet services. Cross-referencing usernames across services is a documented investigation technique. The compartment boundary is total, not partial.

Update cadence for all tools

Tor Browser releases security updates on a defined schedule. Update immediately when prompted — the patch is not optional for the period when the vulnerability is public but the update is not installed. GnuPG and wallet software follow the same rule. An outdated Tor Browser is one of the few attack surfaces that has led to documented operational failures at scale. One click in the browser update dialog closes the window.

Tails OS for regular use

Tails (tails.net) boots from a USB drive, routes all traffic through Tor, and leaves no trace on the host machine after shutdown. It is the operational security baseline the Tor community recommends for regular darknet market use. Setup takes about 20 minutes: download the ISO, verify its signature, flash to a USB with the official Tails installer, and boot. A Tails USB costs around $8 in hardware.

Whonix for advanced isolation

Whonix (whonix.org) splits the Tor client and the user-facing workstation into two separate VMs. The workstation VM cannot connect to the internet directly — all traffic routes through the gateway VM running Tor. Application-level leaks in the workstation VM (a DNS request in the wrong context, a WebRTC call from a browser bug) are blocked at the VM boundary before reaching the network. Qubes OS (qubes-os.org) with a Whonix template is the advanced configuration used by the most security-conscious operators.

03 · FAQ

Common setup questions

Answers to the questions that come up most often from new users working through the setup guide. For access-specific questions, see the access page.

Do I need Tor Browser to access Vortex Market?

Yes. Vortex operates exclusively on v3 .onion addresses, which are only routable through the Tor network. Tor Browser from torproject.org is the standard client. Set Security Level to Safest before navigating to the address. No browser extension, VPN service, or proxy alternative can access .onion addresses — they require the Tor protocol specifically.

Is Monero required on Vortex?

Not exclusively. Vortex accepts XMR, BTC, and USDT (TRC20). The built-in exchange converts between them after deposit. Monero is recommended because its transactions are confidential by default at the protocol level — amounts and addresses are not visible on the blockchain. Bitcoin transactions are transparent; USDT on TRON is also transparent. For maximum privacy, start with XMR from a non-KYC source.

Can I use a VPN with Tor to access Vortex?

Tor over VPN (connecting to VPN first, then Tor) hides Tor usage from your ISP. It does not improve anonymity on the Tor network itself. VPN over Tor (Tor first, then VPN exit) is generally discouraged — it creates a persistent exit point that can correlate sessions. Tails and Whonix are better isolation approaches than VPN additions. See the Privacy Guides VPN section for a detailed breakdown.

What is PGP 2FA on Vortex?

Every login to Vortex presents a PGP-encrypted challenge — a string encrypted to your registered public key. Decrypt it offline using your private key and enter the plaintext result. Without the private key, a stolen password alone cannot log in. This is why the private key must be stored in encrypted offline storage and never on the same machine running Tor Browser. It is the core security guarantee of the account system.

How do I get Monero to use on Vortex?

Install the Monero GUI wallet from getmonero.org. Back up the seed phrase offline before use. Purchase XMR from a peer-to-peer exchange without KYC requirements, or convert from another currency using an atomic swap service. Vortex's built-in exchange also lets you deposit BTC and convert to XMR inside the platform, keeping the conversion within the Tor session.

What operating system should I use for Vortex?

For occasional use: Tor Browser on Linux, macOS, or Windows with full-disk encryption. For regular use: Tails OS booted from a dedicated USB. For advanced isolation: Whonix or Qubes OS with a Whonix template. The security levels are meaningful. An unencrypted Windows machine with a regular user session is a very different risk profile from a Tails session booted from a fresh USB.

How does Vortex escrow work for new users?

Standard 14-day 2-of-3 multisig escrow. Three parties each hold one key: buyer, vendor, Vortex. Two signatures release the funds. If no dispute is opened within 14 days, the escrow auto-releases to the vendor. For your first orders, always use standard escrow. Finalize Early releases payment before delivery is confirmed — only appropriate for vendors with hundreds of verified positive reviews, and only after you have established your own track record with them.

What should I do if the Vortex link is not loading?

Retry once — Tor circuit failures are common. If the primary mirror still does not respond, try the two mirror addresses on the access page. If all three are unreachable at the same time, the market may be under active DDoS. Wait 30 to 60 minutes and retry. Do not search for "alternative" Vortex addresses during this period — DDoS windows are when phishing addresses circulate most aggressively, specifically to capture users who go searching.

Setup done? Get the verified link.

The access page has all three Vortex mirror addresses with copy buttons. Tor Browser installed and security level set to Safest — you are ready to paste the address and start.

Go to access page