Alphabay market admins posted yesterday about some changes done in their market, including UI upgrade and maybe the most important upgrade that people should note – the Signed deposit address – meant to combat the most hated onion cloner phishing scams (common phishing scam sites which proxy markets on the fly while replacing deposit addresses to their own addresses in order to scam users into sending their BTC to the phishers instead of the market).
New users are advised to verify the PGP signature of their deposit address against the market pgp key located in its “contact” page.
This is how it looks:
You can learn more about PGP signatures here.
This is the original update posted by the market admins:
-----BEGIN PGP SIGNED MESSAGE-----
We just finished redesigning the market's place UI in order to improve
it and make it look more modern. We hope you enjoy the new clean
and responsive UI. In addition to that, we made a few additional changes.
(if you use a VERY outdated browser and for some reason the new skin
does not display correctly, you can add "/old" to the URL to use the old
- -- Orders & Sales --
All orders and sales will be purged securely from the list 30 days after finalization.
For security reasons, and in case the account gets compromised, this was the
best option to do.
- -- User List --
The user.php page no longer accepts a numeric parameter. The username must
now be supplied. This will prevent phishers from iterating through the user IDs
and messaging new members with phishing links. Also, some people were
suspecting us of inflating the user count. We don't, but to solve the problem, we
completely removed the user count.
- -- Messages --
The user title is now made more clear in the messages page. This is done in an
effort to prevent impersonation and make the user's ranking more clear.
- -- Deposit Address PGP Proof --
We added a feature where users can get a PGP-signed proof of deposit address.
The helpdesk was filled with "missing deposits" requests where the answer was
"this isn't an Alphabay address". Many phishing pages make a few customization,
for example displaying an address of their own, so you send coins directly to the
attackers. You now can have a proof that your deposit address is authentic.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----