Edit: Another safety tip: never click on links you get in messages, e-mails or forum posts. The URL listings at DNStats.net, DNM Avengers, the Reddit superlist and Deepdotweb are reliable: those at the Hub generally so, although there was a recent case of a phishing link being posted as an AlphaBay URL. If you get a message from ReallyTheMarketAdminHonest telling you to click on gxwbitcoinsucker.onion and log back in to test the new interface, DON'T DO IT. A little caution can go a long way against MiTM attacks. Kudos to /u/AdventureTimeSupply for his input.
After getting quoted in Wired, the Grand Wizard wanted to speak up about a few things.
First, Wired neglected to mention that GWL AlphaBay reopened not long after that comment was posted to Reddit. The Grand Wizard has managed heels who got more love than AlphaBay -- but while buyers may complain and complain and complain about the place, they appear reluctant to shop anywhere else. And we always give our customers what we want, especially when they give us the satoshis we want.
This has been a recurring theme in darknet history. Consider how many will spend hours bitching about exit scams and how few will take 15-30 minutes to learn 2-of-3 multisig. And until DNM users start taking responsibility for their financial safety we're going to keep seeing the same issues and hearing the same complaints.
Many seem unclear on how 2FA works, for example. If everybody used 2FA on the DNMs we might never again hear another "phishing" complaint. With 2FA a phished address/password combo is only half the battle: if the phisher doesn't have access to your private key he can't decrypt the challenge. 2FA makes it much harder to gain unauthorized access to an account: there's a reason it's the gold standard for corporate logins.
(Yes, someone with root privileges on the server might still be able to gain access to your satoshis -- but getting root on a server is a whole lot harder than social engineering access to an individual user account. Even a junior admin might not be able to -- SHOULDN'T be able to -- transfer money from your wallet to his. And getting a password is a lot easier than copying somebody's secret keyring.)
Question for AlphaBay admins: have you considered implementing PGP Login? Outlaw and Dream Markets both offer this and it could go a long way toward silencing "phishing" complaints. Of course, it could also lead to hysterical screeds from people who lost their PGP key, but nothing is perfect.
The Grand Wizard has had 2FA since signing up for AlphaBay in April of 2015. During that time we have never had issues with disappearing funds or with misdirected withdrawals. We also get funds offsite as soon as we see them: we send enough to buy then send back the change as soon as the transaction is completed on our buyer accounts. And at present we don't offer conventional escrow, although that might change if we crunched the numbers and found it would be in our best fiscal interest.
We still have problems with AlphaBay's history of online drama. Nucleus is of comparable size to AlphaBay and had a rocky start. Yet they don't get tagged with half the allegations we see aimed at AlphaBay. We don't know exactly why they draw this kind of negativity, but we know their public relations team isn't helping. To put it mildly.
We have had funds disappear on other markets: it happened to us once on our Agora buyer account. We still don't know what happened -- and we know several other people reported missing funds at the time -- but we know that the problem never repeated itself after we started using 2FA on our accounts.
We would like to see AlphaBay get this public relations program under control because it is costing us money. If people don't trust AlphaBay -- and it's pretty clear from reading this subreddit that a lot of people don't -- they aren't going to shop there. Right now the ongoing clown show is taking food out of our mouths and sequins off our turbans. We think our business on AlphaBay could double or better if there wasn't a constant cloud of melodrama hanging over the place.