An address close to the secondary was reported circulating on third-party link lists during this window. It was a phishing clone, never part of the signed Awazon pool, and it copied the login page to harvest passwords.
This is the most common attack against any Tor market and the reason the board exists. A clone differs from a genuine address by a few characters in the middle of the string, where the eye does not catch a substitution. The defence is not vigilance about which list you read, it is verification. Copy addresses from the signed pool, check the address against the one the login captcha prints, and the clone falls apart on inspection because it cannot serve the correct address in the captcha while pointing you at the wrong one.
The board took no action beyond logging the advisory, because there was nothing on the genuine pool to fix. The clone lived outside it. Readers who verified were never exposed. See how phishing works and verifying a mirror.