A v3 onion address is a 56-character identifier for a hidden service in the Tor anonymity network. The 56 characters are the base32 encoding of the service's ed25519 public key with a checksum and version flag appended at the end; the full address is terminated by the suffix .onion.
Self-authenticating
The address is the public key. When a Tor client resolves the address it derives the public key directly from the string, and then validates that whatever it receives from the hidden-service directory is signed by the corresponding private key. There is no DNS, no certificate authority, no separate name-to-key binding to attack.
Why partial-prefix verification is dangerous
The first eight to twelve characters of a v3 address are often a vanity prefix chosen by the operator (which is why several marketplaces tracked here have memorable starts like nexus or anubis). A phisher can run vanity generation to match the prefix at low cost, leaving the rest of the address random. Verifying only the prefix is not verification.
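An added example, not from the original page or from Tor's own code: a Python validator that decodes a v3 address into key, checksum and version, and compares two addresses by full key rather than by prefix. The checksum construction follows the Tor rendezvous specification (rend-spec-v3); the function names and the two sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac

VERSION = b"\x03"

def _checksum(pubkey: bytes) -> bytes:
    # rend-spec-v3: first 2 bytes of SHA3-256(".onion checksum" | pubkey | version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]

def encode_onion(pubkey: bytes) -> str:
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey) + VERSION  # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"

def decode_onion(address: str) -> bytes:
    """Return the 32-byte public key embedded in the address, or raise ValueError."""
    host = address.strip().lower()
    if not host.endswith(".onion"):
        raise ValueError("missing .onion suffix")
    label = host[: -len(".onion")]
    if len(label) != 56:
        raise ValueError("not a 56-character v3 label")
    try:
        raw = base64.b32decode(label.upper())
    except Exception as exc:
        raise ValueError("invalid base32") from exc
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION:
        raise ValueError("unsupported version byte")
    if not hmac.compare_digest(checksum, _checksum(pubkey)):
        raise ValueError("checksum mismatch")
    return pubkey  # structure only; does not check the bytes are a valid curve point

def same_service(candidate: str, trusted: str) -> bool:
    """Compare the full decoded keys; a shared prefix proves nothing."""
    try:
        return hmac.compare_digest(decode_onion(candidate), decode_onion(trusted))
    except ValueError:
        return False

# Constructed placeholder bytes, not real ed25519 keys. Both start with the same
# 5 bytes, so the two addresses share their first 8 characters and nothing else.
TRUSTED = encode_onion(bytes(range(32)))
LOOKALIKE = encode_onion(bytes(range(5)) + bytes([0xAA] * 27))
```

Compare a candidate against an address obtained from a trusted source with `same_service`; a prefix comparison accepts `LOOKALIKE`, while the full comparison rejects it.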
Why v2 onions are dead
The earlier v2 scheme used 16-character addresses derived from a truncated SHA-1 hash of an RSA-1024 key. v2 was deprecated in late 2021 and removed from the Tor client shortly after. Any 16-character "onion" you see today is an archive entry, not a working address.