Wethenorth market directory
A quiet reference for Canadian darknet users who need working Wethenorth addresses without the noise of phishing clones and fake mirror lists.
The addresses
Both entries below resolve to the same market. The primary is checked every hour. The backup rotates in when the primary is under load or scheduled maintenance. Compare the address against the signed mirror list on dread before you paste — one wrong character and you land on a phishing clone.
| Role | Address | Status | Uptime | |
|---|---|---|---|---|
| Primary |
Loading…
|
Online | 98.4% | |
| Backup |
Loading…
|
Online | 96.1% |
Background
Wethenorth is a Canadian-focused darknet marketplace that has been trading since late 2021. It grew slowly through word of mouth on dread and smaller forums, which is part of the reason the interface still feels closer to a community board than a polished storefront. The market serves 81,709 registered users as of April 2026, with most activity centred on domestic Canadian vendors shipping within the country. Staff keep a visible presence, replying to disputes in a few hours rather than days.
The catalogue sits at 15,255 listings across 1,277 active vendor accounts. Categories lean heavily toward personal-use quantities, with strict rules against weapons, fentanyl, and anything involving minors. Vendors apply through a bond system and a short written interview, which filters out the drop-and-run accounts common on larger markets. Listings include shipping origin, stealth rating, and a required PGP signature on every address the buyer receives. Escrow is mandatory for new accounts.
Uptime over the past 90 days measures 98.4%, calculated against the three primary mirrors rotated by admins. Short planned maintenance windows appear on the login banner a day in advance. The market publishes a canary signed weekly with the server PGP key, which regulars check before placing orders. If the canary ever goes stale by more than eight days, treat any address you see as suspect until the signed update returns. This page mirrors the canary timestamp so you can verify without logging in first.
The admin key itself has not changed since late 2021. Regulars keep it imported locally and run a one-line GnuPG verify on the canary text whenever the front-page banner shows a new date. A fingerprint mismatch has never happened in the market's history, and that continuity is a useful data point on its own. When the key changes, it will be announced both on the login banner and on the dread moderator account — two channels, both signed — and the dread post will include the old key's signature over the new key so anyone following along can trace the rotation themselves.
Shipping patterns have stayed consistent. Letters move through Canada Post lettermail, small parcels through regional expedited services, and the occasional vendor uses a same-day courier for urban-to-urban orders. Delivery windows range from two days inside a single province to about a week across the country, which is roughly the same as any legitimate domestic parcel. Stealth rating on each listing is buyer-voted, and the vendors who keep a high stealth score tend to also keep faster dispute resolution and better communication. Those three signals — stealth, shipping speed, response time — are how most regulars pick between two vendors carrying similar stock.
The guide below walks through the five steps it takes to reach the market cleanly. If you only need the address and already know the routine, copy from the table above and skip to the signed canary check at step three. New users should plan on reading all five before signing up — skipping the PGP two-factor in step five is the most frequent source of later account-drain posts on dread, and the setup takes under ten minutes once the key pair exists.
Why regulars stay
Four design choices separate Wethenorth from the usual Canadian-targeted clones. Each one is a small decision, and together they explain why the user base is loyal rather than transient.
Each order gets a fresh deposit address. There is no shared wallet to watch or to lose. You send once, the funds sit in escrow for that order only, and the address is retired when the order closes.
A PGP canary is updated weekly. A stale canary is treated as a warning sign by the regular userbase. The key that signs the canary is the same one posted on dread since 2021, making the check trivial to do from any machine.
Login challenges can be tied to your public key. Password alone will not open the account. Every login issues a short challenge that only your private key can decrypt, which makes stolen credentials useless on their own.
Sellers post a refundable bond before listing. This keeps the drop-and-run vendor count close to zero. Combined with the short written interview at signup, it filters the catalogue to vendors who intend to ship the orders they take.
Additional reading on opsec fundamentals: Privacy Guides, Tails OS, GnuPG documentation, and Amnesty Tech. Each one covers a layer of the stack the market expects you to already use. For adjacent topics, I2P covers a parallel anonymity network, Nmap and SearXNG are handy sidecars for research, and Bitcoin.org keeps a clear introduction to what the market actually does with a deposit address after the coins land.
The four features are not decorative — each one blocks a specific failure mode that has taken out similar markets. Walletless deposits remove the shared-wallet exit-scam vector that cost Nexus users an estimated fifteen million and Abacus users even more. The signed canary makes a quiet warrant visible, the way regulars first noticed the Silk Road 2 infiltration years after the fact. PGP two-factor ends the password-reuse drain that follows every large clearnet database leak. The vendor bond filters the catalogue to sellers who intend to ship. None of the four is unusual in isolation; the combination is what makes the market's steady four-year record plausible to long-time users.
The flip side of these design choices is that the platform is smaller than international competitors. Fewer vendors, a tighter catalogue, and a region-locked buyer pool are the trade. Regulars accept the trade because the alternative is a larger market with a worse security record. If you want scale, other markets exist and have their own reasons to be used; if you want domestic Canadian shipping with the guardrails above, the list is short.
Access guide
Five steps. No shortcuts. If you miss one, the common outcome is either a phishing hit or a blocked login. The first two are about getting there, step three is the canary check that weeds out the clones, and the last two cover the account layer. Allow about twenty minutes end to end if this is your first time.
Download the current release directly from torproject.org over HTTPS. Verify the signature if you have GnuPG installed; the alternative is trusting a random mirror.
The signature check is a three-line command that compares the downloaded file against the Tor Project's signing key. If your signature verifies, you know the installer has not been swapped along the way. On Windows the installer places the browser in a portable folder, on macOS it drops a standard app bundle, and on Linux you unpack the archive to any location and run the start-tor-browser script. The first launch takes longer than any later one because the browser builds a fresh profile and joins the Tor network; two minutes is normal on home broadband.
If you use Tails from a USB, Tor Browser is already included and kept up to date by the distribution. For Mullvad users running a separate VPN, remember the market does not expect Tor-over-VPN and has no preference either way — see the FAQ if you want the reasoning.
Use the Copy button next to the primary address on this page. Paste it whole into the Tor address bar, never type it manually since v3 onions contain 56 characters.
The 56-character length is deliberate. Each character is part of a cryptographic signature of the server's public key, which is how Tor proves to your client that it reached the correct hidden service. One wrong character does not open a "similar" market — it opens a different machine entirely, and if that machine was set up by a phishing operator, the interface will look identical while they log your login details. The table above loads addresses from a signed JSON file, so the same source of truth sits behind both the primary and backup rows.
A common regular habit is to paste the address into a text editor first, count the characters, and visually scan the first six and the last six. The middle is hard for a human to check by eye, but phishing clones usually change the opening or closing block because that is what users typically remember.
Before logging in, open the canary link from the front page and compare the signature date. If it is older than eight days, stop and wait for an update.
The canary is a short statement signed with the server's private PGP key, declaring that no warrants have landed and no staff member is compromised. A healthy market refreshes it weekly. The eight-day rule is a rolling grace window — servers sometimes miss a day for planned maintenance, so "stale after eight" avoids false alarms while still catching real silence. If the canary disappears entirely or the signature no longer verifies against the admin key, treat any login attempt as high risk until the dread community confirms what happened.
Import the admin public key once, from the pinned post on the dread /u/wethenorth account, then keep it on your daily machine. Checking a canary after that is a single GnuPG command and takes under a second.
New accounts need a username, password, and a six-digit PIN for withdrawals. Do not reuse credentials from any clearnet service, including email.
Credential reuse is the single most common mistake on any darknet market. A database leak from a forgotten clearnet forum ends up with someone trying the same email-password pair on every market, and the accounts that reused those credentials are drained overnight. Pick a username with no link to anything you post elsewhere. Generate the password in your password manager — 24 characters or more, random — and store it there. The withdrawal PIN is separate from the login password on purpose: even if someone reads your password in transit, they still need the PIN to move coins off the account.
Email signup is optional. Most regulars skip it, since an email creates a weak link between the market account and a clearnet identity. If you do provide one, use a throwaway address from Proton Mail set up over Tor. For deeper reading on password hygiene, Binance Academy has readable primers on credential security and CVE Details lists the ongoing stream of bugs that make password reuse dangerous.
Add your public PGP key in account settings. From that point every login will require you to decrypt a short challenge, which blocks password-only takeovers.
This is the step most new users skip, and the one that saves most regulars when something goes wrong elsewhere. Generate a key pair on your local machine with GnuPG, copy the public block into your account settings, and save the private key somewhere you control. From that point the login flow shows a short block of ciphertext that your private key decrypts to a one-time string; paste the decrypted string back into the page and you are in. Someone who steals only your password sees the challenge and stops — they cannot proceed without the private key.
Do not keep the private key on a machine you share. A Tails USB is the cleanest option, and a modest hardware token works well if you prefer something more portable. For communication with vendors, the same key encrypts address labels and shipping details — both directions use the same toolchain.
Quick answers
Eight short answers for the questions that come up most often in the dread thread. If yours is not here, the background page has the longer history and the first steps guide covers setup detail.
The market focuses on domestic Canadian shipping and most vendors list Canada as their origin. International buyers can register and order, but selection is narrower and shipping times are longer.
Compare the address on this page with the one signed on dread by the /u/wethenorth account. A matching PGP signature from the known admin key is the only reliable check.
Bitcoin and Monero are both supported. Monero is recommended by most regulars for privacy reasons, and some vendors give a small discount for XMR orders. The official Bitcoin.org and Blockchain explorer are sensible starting points if you are new to either.
Default escrow runs for seven days after the vendor marks the order as shipped. Buyers can extend by another seven days if the package has not arrived, directly from the order page.
It is not required and most guides on dread advise against it. Tor alone provides the anonymity the market expects, and extra layers can create fingerprinting issues. If you still want a VPN for your ISP, Mullvad is the one regulars tend to trust.
Open a dispute from the order page after 72 hours of silence. Staff review the message log and usually resolve in favour of the buyer if the vendor has gone quiet without notice.
Reviews require a completed order and stay attached to the purchase record. Staff only remove reviews that contain doxing attempts or direct threats, not negative feedback.
The primary address is stable for months at a time. Backup mirrors rotate more often and are always announced through the signed mirror list before they go live.
Still unclear on something? The five-step guide answers the setup side, and the link table has the current canary date in plain view.
One copy away
Links verified and updated April 2026. Both addresses load from the same signed source; either row in the table above works.
Paste straight into Tor Browser. Count the characters. Check the canary. Done.
