• Price in XMR and other currency of your choice (you can choose the one that suits you most in your Account Settings)
• Accepted payment methods (traditional Escrow and/or Multisig)
• Quantity in stock
• Refund & reship policy
• Shipping info
• Feedback from buyers
• Points out the product’s advantages & disadvantages
• Helps to identify scammers
You can find some of the most established and reputable sellers on the darknet, on Alphabay Market.
If you access the vendor’s page, you’ll see on their Profile that there is Feedback, their PGP key, and their Shop listings.
• The Feedback section can give you a thorough understanding of whether you can trust this vendor or not.
• PGP key you can use to encrypt private communication.
• Shop exhibits all the shop’s listings.
Placing an order on Alphabay is incredibly simple.
You can do direct pay for each order, instead of adding funds to your account. Alternatively you can add funds to your account and spend them when you're ready.
To add funds to your account:
• Open your profile dropdown menu on the righthand of the screen.
• Click your XMR wallet.
• Type in the captcha and agree to the rules.
• Use the Monero address that it shows to send your funds to.
• Wait, and eventually your funds will be credited to your account. This could take anywhere from 1 minute to 2 hours depending on the speed of the XMR blockchain.
To direct pay for an order:
• After deciding what to buy click buy.
• During the checkout, type in all the necessary information for the vendor
• At the bottom of the order page, it will ask if you want to use market funds or direct pay. Choose direct pay. Then click buy.
• After clicking buy, a page will pop up with the XMR address you need to send the funds to. Pay, and wait. The order will be credited once the funds are received
The first step is to add your public PGP key to your marketplace account. To do so, please navigate to:
• My Cabinet
• Account
• Public PGP/Enable 2FA
Once you have done the above, you will land on this page /profile-pgp-public - You will see the following:
• My Account
• Add Public PGP Key / Enable 2FA
Two-Factor Authentication (2FA) will be disabled if the provided public PGP key is invalid or not verified. The Public PGP key will be displayed on your profile if your profile is public (private by default). Public PGP key will be used for you to do Two-Factor Authentication(2FA) logins.
You will see one of the following:
• Public PGP Key: NO KEY ADDED
• Enable PGP Two-Factor Authentication(2FA) | Status: DISABLED
[Edit PGP / 2FA Settings]
• Now enter your public PGP key in the "2fa-public-key" place holder field.
• Enter your password and click the "Edit PGP / 2FA Settings" button.
• Once you have added your key and completed the above, you will see the following: Public PGP Key: NOT VERIFIED [Verify PGP]
[Edit PGP / 2FA Settings]
Now we will need to verify your public PGP key and ownership of it. As you can see at the top, you will see a button "[Verify PGP]". It will encrypt a message using your public PGP Key we added earlier for you to decrypt. Decrypt the verification message using your key. Once decrypted, you will receive a signed message containing "Your AlphaBay 2-FA Verification Code:" inside the message, which will look like this:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
2-FA Verification for AlphaBay Market
Make sure you are NOT on any phishing links. Our PGP-signed domains you can find by adding /mirrors.txt to the URL you are on. The current message has been PGP-signed with AlphaBay Network official key (fingerprint: 1195 6CE2 F620 B52C D4C3 EDF4 11C4 80C2 5159 1B10).
It is YOUR responsibility to add all official AlphaBay keys (/pgp_information), verify the authenticity of this message and to ensure you are NOT on a phishing link (/mirrors.txt).
Your AlphaBay 2-FA Verification Code: ol3L7EBBTqmC-AB-PGP-VERIFICATION
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEEZVs4vYgtSzUw+30EcSAwlFZGxAFAmKnpcEACgkQEcSAwlFZ
GxDRcA//VWGqjWUYKxess9Sf78sUTNAA8Nu/sKnvfd2FZHG/5cT1cePSUO+SaNf7
X6cPLqvCkvhNLQdHH4/bwSt7+2dQR9mJ2+l0dfZ8Kk1KgGBXj1+YzZOyG5uFMkpr
aQUzfEFBcI1yMCiix5C5QTKGs/RPMMqX57NGOLH1UnLIPbxH0PIkTOUm3FVGQgrT
MCImN4M0xlUdKGv4Ga9xMgfM0Osq78ZzRsO4dbSTRFMTwq8BDPlE1gi5xm3FdAZ7
F2y2Wv/88xshCvPDhQOzdM/hzhBBVCwgsvVYdeqdDDspVynqeUUn7UhAfKfX1Iot
0ac6ZFdL5/GJI95Jq+LVFMwH42q6kZN/JNgl4bzuZCW0RonAvuelMTKy0FxjZU73
4P+RqQVw2tfVNUcqQ4hETR1BskYJh+mDkxdFgRf/mcTU5jDHMTWsY8QgEQry7EaX
C9TUynj5p88r4zmqMIYb5snyYN3GNZi/rOTc+Qi/PNgGDld5dJln6MKFddaYy441
LjRajgy7DBnRRSIHgkU/QEfHRa20YPnNiYFh4Vqxtb4MFXYAT6n2v+ft90YYaBbp
hziAVuoPFFPhwmEqS3Q98C+NF6ef12lijDWgnwOEtjE16BzvaiIBDfYmZqYOjEOz
YDy4rNbKXtnkEP1cmSTjTcwrlN59m5An+pcr8BhDIbIRWkjo7YM=
=nFON
-----END PGP SIGNATURE-----
Enter your code (e.g. test account code for is "ol3L7EBBTqmC-AB-PGP-VERIFICATION" as you see above in the decrypted message; yours will be different and assigned to your key/account) inside the box "pgp-verification-token" and then press the button "[Verify Your PGP Key]".
Once you have done that and entered the correct code from the message you decrypted, you will return to the Public PGP / Enable 2FA Page --> or /profile-pgp-public and you will see the following message displayed at the top: Public PGP Key: VERIFIED
You have now successfully added your public PGP key and successfully VERIFIED it.
Now that you have added and verified your public PGP key, the final step is to enable 2FA and add that extra layer of security to your account. To do so, do the following:
• Go to the bottom and tick the box where you see "Enable PGP Two-Factor Authentication(2FA) | Status: DISABLED"
• Enter your password followed by pressing the button "[Edit PGP / 2FA Settings]". Page loads and request is sent.
Now you will see: "Enable PGP Two-Factor Authentication(2FA) | Status: ENABLED"
You have now successfully added your public PGP key, successfully VERIFIED it and you have successfully enabled 2FA!
We have a bug bounty program at AlphaBay. For any security vulnerability or security bug we are willing to pay $$$$ provided that you make a responsible disclosure.
Responsible disclosure consists of two elements:
• You do not abuse the vulnerability. You can probe further at your own accord but abusing it to gain some kind of advantage or data is forbidden.
• You keep the vulnerability to yourself. That means no public disclosure before or after fix. If there is any solved security bugs, we will mention it in the changelog and potentially your name if is severe enough.
Contact us through a support ticket to initiate the reporting process.
Thank you.