Catharsis Darknet Market – Mirror 2 Dissected: Mirrors, Monero, and the Mechanics of a Post-Incognito Bazaar
Mirror 2 of Catharsis landed quietly in early June 2024, roughly eight weeks after the main .onion went dark during the mid-April «Incognito-style» takedown wave. For anyone tracking underground bazaars, the re-appearance was expected: the original PGP-signed canary had promised «persistent mirrors» and, true to form, the new v3 address shipped with the same header key and the familiar dove-and-dagger logo. What makes Catharsis interesting today is not novelty—it is the way the crew modularised their infrastructure so that seizure of one front-end barely dents order flow. Below is a field-notes style walk-through of how the market works, how users verify Mirror 2, and what has changed under the hood.
Background and quick chronology
Catharsis opened in November 2022 as a Monero-only «no-javascript» experiment run by former Libertas moderators. The first six months were uneventful: small vendor pool, conservative 50 k USD weekly turnover, no FE scams. Growth came after the Kerberos exit in August 2023 when experienced bulk vendors migrated over, bringing with them the expectation of rigid 2-of-3 multisig escrow. The original domain survived until 12 April 2024 when a German-led operation seized a handful of «bullet-proof» hosters in Moldova; within 48 h the staff pushed three signed mirror addresses—Mirror 1 (clearnet Tor2Web proxy), Mirror 2 (plain v3 onion), and Mirror 3 (I2P). Mirror 2 is now the workhorse, carrying roughly 85 % of daily sessions.
Feature set on Mirror 2
The code base is still the lightweight Python/Flask fork («Hiraeth 3.2») the team has used since launch, but the UI received a facelift:
- Side-by-side BTC and XMR wallets (BTC is converted instantly to XMR via an internal Tor-facing swap partner, so vendors still receive only XMR).
- Per-listing PGP «message of the day» that changes every 24 h; buyers can verify that the vendor controls the key in real time.
- Integrated check.torproject.org connectivity test button on the login page—useful for users on restrictive networks.
- Optional per-order «delay payment» toggle that keeps coins in market escrow for an extra 72 h; popular with bulk buyers who need lab time.
- Vendor bond now 750 USD equivalent, up from 500 USD, but waived if the applicant can sign with a key older than two years from at least two retired markets (a clever way to import reputation).
One small but telling addition: the market now ships its own 38-word mnemonic in case the user forgets the PIN, very similar to the way Invictus handled recovery, minus the JavaScript.
Security architecture and escrow flow
Catharsis never flirted with traditional central escrow; it launched with 2-of-3 multisig and still refuses finalise-early listings. Under the current model:
- The market generates a unique Bech32 Bitcoin address for every order but immediately converts the incoming BTC to XMR through an internal service. The conversion rate is locked for 90 min, so price swings are absorbed by the house, not the user.
- Monero multisig is handled client-side: the buyer’s browser derives the shared secret, and the server stores only hashed fragments. For non-technical buyers the market offers an ephemeral web worker that performs the math locally; the worker is flushed after ten minutes, so key material does not linger in RAM.
- Disputes are arbitrated by a rotating trio of «old-guard» staff. Because the market never holds the full signing set, the worst an attacker with root access could do is delay refunds, not swipe them.
Mirror 2 itself is hidden behind a simple nginx reverse proxy that terminates TLS at the hidden service. There is no database of passwords; login relies on a PGP challenge string plus a six-digit PIN, which leaves no reusable password for credential stuffing to target.
User experience observations
The landing page is still text-heavy, but load times average 2.3 s over a vanilla Tor circuit—faster than both ASAP and Nemesis during peak hours. Search filters now include «ships from» regions down to US state level, a nod to the growing demand for domestic parcels. One nagging bug: if you open more than five tabs the session cookie sometimes desynchronises, forcing a fresh PGP solve. Long-time vendors work around it by running two Firefox-ESR profiles side-by-side.
New user onboarding is terse but adequate: a single-page OPSEC primer that recommends Tails 5.22 or later, warns against Windows clipboard malware, and links to the official Monero GUI hash file. No JavaScript means no third-party coin analytics, but it also means no price charts; traders who need real-time XMR/USD data simply open Kraken in another Tor tab.
Reputation, trust signals, and scam hygiene
Catharsis has not suffered a public breach or large-scale scam since inception—rare for a market older than 18 months. Vendor pages display four metrics:
- Confirmed sales (multisig releases only, no padding)
- Median shipping days
- Dispute win-rate (buyer-friendly < 5 % is highlighted green)
- PGP key age in days
Buyers can export the entire history as a signed JSON file; savvy researchers pipe that into pandas to watch geographic routing shifts over time. One red flag to watch: because Mirror 2 allows «delay payment», a vendor could in theory accept dozens of orders, stall for 72 h, then disappear. So far the internal cap is ten pending delayed orders per vendor, enforced in code rather than policy.
Current uptime and reliability
Over the past 60 days Mirror 2 has clocked 98.4 % uptime according to two independent onion monitors. The brief outages coincide with Tor consensus flips, not backend issues. Withdrawals are processed in the next Monero block 95 % of the time; the remaining 5 % sit for less than 20 min. Staff posts a weekly signed canary that includes the block hash of the last Bitcoin block mined on Sunday 00:00 UTC—an elegant, low-cost way to prove they still control the keys.
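What the embedded block hash contributes to a signed canary is a lower bound on when the text was written. The following is an added example (not code from the market or from this write-up) that measures freshness from the cited block rather than from the self-declared date. The canary layout, field names, `KNOWN_BLOCKS` table and hash are constructed for illustration, and the PGP signature is assumed to have been verified separately.

```python
import re
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Constructed values: the hash, dates and canary layout are all hypothetical.
H_WEEK1 = "0" * 20 + "ab" * 22      # 64 hex chars, not a real block hash
KNOWN_BLOCKS = {                    # stand-in for a node or explorer you trust
    H_WEEK1: datetime(2024, 6, 2, 0, 0, tzinfo=UTC),
}

def make_canary(date_str, block_hash):
    """Build a canary body in the hypothetical two-field layout."""
    return f"Canary date: {date_str}\nBitcoin block hash: {block_hash}\n"

def check_canary(text, now, blocks=KNOWN_BLOCKS, max_age=timedelta(days=8)):
    """Classify the body of a canary whose signature already verified."""
    date_m = re.search(r"^Canary date: (\d{4}-\d{2}-\d{2})$", text, re.M)
    hash_m = re.search(r"^Bitcoin block hash: ([0-9a-f]{64})$", text, re.M)
    if not date_m or not hash_m:
        return "malformed"
    try:
        claimed = datetime.strptime(date_m.group(1), "%Y-%m-%d")
    except ValueError:
        return "malformed"
    block_time = blocks.get(hash_m.group(1))
    if block_time is None:
        return "unknown-block"      # hash is not on the chain we can see
    # A text cannot predate the block it quotes.
    if claimed.date() < block_time.date():
        return "inconsistent"
    # Age is measured from the block, never from the self-declared date:
    # a canary prepared in advance can claim any date but only cite old blocks.
    if now - block_time > max_age:
        return "stale"
    return "fresh"

if __name__ == "__main__":
    now = datetime(2024, 6, 17, tzinfo=UTC)
    # Claims 16 June but cites the 2 June block, so it is reported as stale.
    print(check_canary(make_canary("2024-06-16", H_WEEK1), now))
```

A `fresh` result only bounds when the text was written; whether the signer is still the original key holder is a separate question that neither the hash nor the signature answers.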
Law-enforcement risk feels moderate. The market code contains no obvious honeypot artefacts (no browser fingerprinting calls, no WebRTC), and the server headers return the generic «nginx» string. On the other hand, the internal swap partner is a single point of financial metadata leakage; if that server is ever compromised, correlation attacks become feasible.
Parting thoughts
Catharsis Mirror 2 is not revolutionary; it is simply a disciplined evolution of the multisig-only playbook that earlier markets preached but rarely practised. The decision to absorb BTC volatility rather than force XMR on every user lowers friction, while the rotating dispute crew keeps scam levels tolerable. Power-users will appreciate the stripped-down, no-javascript interface, but newcomers might miss the hand-holding that bigger markets provide. If you already run Tails, verify every mirror signature against the staff’s 2022 PGP key, and never finalise early, Catharsis remains one of the steadier venues in 2024. Just remember: mirrors can vanish overnight—export your order JSON, encrypt it to your own key, and treat any downtime longer than 24 h as an exit signal until a signed canary proves otherwise.