Hello market owners. I am posting this on reddit as I know the majority of you read reddit, and I don't have the time to dedicate messaging individual market staff at the moment. Recently I had an idea that would be helpful in preventing users from staying phished: an account activity log. Similar to what reddit has, although obviously you would not be able to show IP addresses but you can include login time, user-agent, and duration of login to name a few things. With this, you will even be able to show a user an alert that their account has possibly been phished. For example if the user is showing a login every 30 minutes with a user-agent that is different than the user-agent that logs in intermittently (daily, weekly) this is a sign of the user being phished.
This is a fleeting thought, but I thought it good enough to post in hopes of implementation to protect some users.
The user-agent for the Tor Browser is the same for everyone
https://www.torproject.org/docs/faq.html.en#NoDataScrubbing