The largest share of money users lose on Tor markets is lost to phishing clones, not to exit scams or law-enforcement seizures. The good news: phishing is the failure mode that is easiest to defend against, because all the checks are mechanical.
Never reach a market through search
A clearnet "first result" for a market name is almost always a clone. Type the onion by hand from a verified source; do not click through search results.
Use a verified source
PGP-signed announcement on the operator’s Dread account. Not Telegram. Not Reddit. Not email. Not chat groups. See how to verify an onion address.
Verify the full 56 characters
A vanity-prefix match (the first 8–12 characters identical) is not a verification. Phishers run vanity generation to match the prefix and randomise the rest, hoping you do not check the full string. Always read all 56 characters.
If you think you got phished
Change passwords on the real marketplace immediately and move any balance off the compromised account. If the phisher captured a PGP-encrypted shipping address from a message you sent through the cloned site, treat that address as burned and use a different drop next time.