In January 2025, multiple cybersecurity firms reported a wave of phishing domains impersonating Nexus Market. These fake sites used homoglyph attacks and typosquatting to deceive users into entering credentials.
The campaign leveraged at least 12 distinct domains, each designed to closely mimic the appearance of the actual marketplace. Researchers at several threat intelligence firms documented the infrastructure used.
Users are advised to verify any URL carefully and to treat all unsolicited links with extreme suspicion. Credential theft remains one of the most common attack vectors in darknet-adjacent scams.