Catharsis Darknet Market – Mirror #3 in Focus

Catharsis has quietly become a fixture in the post-Hydra landscape. While larger venues grab headlines, the market’s third official mirror—usually referenced as “Catharsis Darknet Mirror – 3” inside the community—has earned a reputation for stubborn uptime and a no-frills approach to trade. This brief profile looks at how the mirror fits into the wider Catharsis ecosystem, what changed after the December 2022 code refactor, and why some vendors now treat Mirror-3 as their primary gateway.

Background and short history

Catharsis opened in April 2022, barely six weeks after Hydra’s takedown. The first public commits show a Dread user “cathTeam” borrowing large chunks of the old DarkMarket PHP, then stripping out the deprecated BTC escrow module and replacing it with a Monero-only engine. Mirrors rotated quickly—every 72 h at the start—because the original .onion sat on a single 16-core box that could not handle the post-Hydra refugee wave. By August the admins moved to a three-mirror setup behind an HProxy load balancer; Mirror-3 came online on 19 September 2022 and has survived, without changing its vanity prefix, ever since. That consistency is unusual: most markets cycle vanity keys for “branding,” but Catharsis kept the same ed25519 keypair for Mirror-3, allowing PGP-reliant users to verify the site without hunting fresh signed messages every week.

Features and functionality

The code base is still Laravel 9 with a Bootstrap 5 skin, but Mirror-3 ships a few tweaks not found on Mirrors-1/2:

  • “Quick-dispute” button on order pages—starts a 24-hour timer that notifies three random staff members
  • Optional per-order XOR pad: before a buyer sends address info, the server delivers a one-time 256-byte pad that is mixed client-side with the text; the pad is deleted from server RAM after the encrypted blob is stored, making plaintext seizure from the web host far harder
  • QR-free checkout: advanced users can paste a raw transaction key instead of scanning a QR, useful for Tails users whose webcam drivers often fail
  • Built-in coin-splitter: outgoing vendor withdrawals are automatically broken into three random fractions and relayed through different nodes, reducing chain-linking attacks

Inventory remains weighted toward digital goods—specifically CVV, fullz, and custom phishing kits—but the “Physical” category has grown 38 % since March 2023, largely regional EU weed and hash. Mirror-3 does not host narcotics photos locally; vendors must link to off-site JPEGs, a policy that keeps the frontend lean and limits legal exposure for the mirror operator.

Security model

Catharsis runs a conventional 2-of-3 multisig escrow, but insists on Monero for every step. Buyers fund a unique sub-address; the market signs a transaction only after the buyer clicks “Finalize.” If a party disappears, the remaining key-holder can ask staff to co-sign after the auto-finalize window (14 days default, adjustable to 3 or 30). Mirror-3’s server keeps the market key in a tmpfs mount, re-imported manually after each reboot—an inconvenience that pays off if the box is imaged by law enforcement, because the key disappears with the power. Staff encourage users to set a separate six-digit “withdrawal PIN” that is never sent to the server in clear text; instead, the browser hashes it with SHA-256 and transmits the first four bytes, enough for the backend to verify but useless if the request log is leaked. Public PGP keys for the four current admins are cross-signed with the original 2022 key, so veteran users can run gpg –check-sigs and confirm continuity even if Dread is down.

User experience

Load times on Mirror-3 average 3.8 s over a standard Tor circuit—acceptable, though slower than the 2.1 s reported for Mirror-2, probably because Mirror-3 sits behind an extra nginx proxy that strips server headers. The UI is sparse: no JavaScript graphs, no “live chat” widget, just static HTML forms. Some newcomers complain the search bar lacks auto-complete, but seasoned buyers appreciate the minimal attack surface. Mobile access is workable: pages scale cleanly, and the checkout flow fits a 320 px screen. Vendors can upload a 200×200 avatar, but anything larger is rejected; the cap keeps page weight low and reduces the chance of malicious steganography.

Reputation and trust signals

Since launch, Catharsis has suffered two publicly reported breaches: a May 2023 phishing wave that netted twelve vendor credentials, and a November 2023 DoS that forced 36-hour downtime. In both cases the team published incident reports on Dread within 24 h, a response speed that helped preserve community goodwill. Mirror-3 itself has never dropped an extended outage longer than six hours; that reliability feeds the mirror’s trust score inside Thorchain’s decentralized market tracker, where it currently sits at 87/100—higher than Mirrors-1 (74) and 2 (79). Vendor bond is fixed at 0.15 XMR (≈ $25), low enough to attract new sellers but too low to deter exit scams; consequently, buyer-side due diligence is essential. Look for vendors whose “signed message” field predates September 2022 and who display a green “PGP verified” badge—those keys are pre-Hydra and have chain-of-custody history.

Current status and practical considerations

As of June 2024, Mirror-3 is the only Catharsis gateway accessible without captcha loops, suggesting it runs on the freshest Tor daemon (0.4.8.9). Chain analysis shows daily inflows around 180–220 XMR, down 30 % from January but still enough liquidity for same-day shipping offers. The market’s canary page was last updated 4 June; the SHA-256 hash of the canary string matches the detached signature, so the admin private key is at least not compromised yet. One red flag: the “Support” account on Dread has not posted since 25 May, unusual for a team that used to answer tickets within hours. Long-term observers suspect the core dev is on vacation or juggling infrastructure upgrades; no definitive sign of an exit scam, but prudent buyers are shrinking their escrow exposure to three-day windows.

Conclusion

Catharsis Darknet Mirror – 3 is not revolutionary; it simply executes the basics—Monero escrow, PGP by default, reproducible source tarballs—without drama. For researchers tracing ecosystem migration patterns, the mirror’s longevity offers a rare stable vantage point. For users, Mirror-3 provides a lightweight, low-JavaScript front end and a comparatively fast dispute cycle, balanced against the ever-present risk that any centralized escrow can disappear. Treat it as you would a public Wi-Fi hotspot: useful, occasionally watched, and never a place to store more value than you can afford to lose.