I would be wary of that, but if the new PGP key provided is signed with his former public PGP key then there should be nothing to worry about, presuming that the vendor did not give his private PGP key to anybody else. You would need to know his former public PGP key to be able to verify if the new key is signed with it. It does seem strange that he could not decrypt the message you sent him, so provided a new PGP key for you to use. I would personally have steered clear of this one, though it may turn out that there is nothing wrong at all and the vendor simply didn't take the precaution of backing up their private PGP key and their PGP program somehow became corrupted. Just to clarify, other accounts were NOT hacked - they were phished. The vendors in those cases went to a phishing site that was set up to target vendors, entered their login details and PIN and lost control of their accounts as a result. Please note that Silk Road will NEVER ask you for your PIN, no matter what. Also, please always ensure that you are visiting the correct URL: silkroadvb5piz3r.onion Libertas