Catharsis Darknet Market – A Privacy Researcher’s Field Report

Catharis has been showing up in forum chatter since late-2022 as the “next big thing” after the fall of Hydra, but volume didn’t really pick up until spring 2023 when Monero-only markets became fashionable again. Today it sits in the top-five by listing count on most aggregator sites, so it’s worth a sober look at what the market actually delivers, how it handles opsec, and where the weak spots are.

Background & short history

Catharis opened its doors in October 2022. The landing page at the time was a minimal single-column layout that looked like a throwback to 2015-era markets; no JS, no icons, just plain HTML forms. Early adoption was driven by a handful of ex-Hydra vendors who brought over their PGP keys and a chunk of reputation history. By February 2023 the codebase had moved from the original “C-0.5” branch to the current “C-1.2” (PHP 8.1 / MariaDB 10.6) and the admins began rotating mirrors every 48 h, a habit they still keep. No public breach reports have surfaced so far, although a leaked staff Jabber list in July 2023 exposed three support handles—useful for social-engineering tests, but no server credentials.

Features & functionality

The market runs a traditional account/wallet model. Core feature set:

  • Monero-only deposits; Bitcoin was dropped in May 2023.
  • 2-of-3 escrow with optional “early-finalize” for trusted buyers.
  • Built-in PGP tool: you can paste public keys, but the server-side encryption happens in browser—purists still recommend local PGP.
  • Per-order two-factor token (TOTP) that vendors must enter before seeing buyer address data.
  • “Stealth” listings: title and thumbnail are encrypted to registered users only, useful for high-profile items.
  • Internal forum with signed moderator messages; surprisingly active, ~1 200 posts/month.
  • Withdrawal PIN plus a separate “lock” code that freezes the wallet for 24 h if an incorrect mirror password is entered three times.

Search is still primitive—no filters for ship-from country, only category tags—so power buyers grep the JSON export that staff publish weekly.

Security model & escrow mechanics

Deposits hit a sub-address controlled by the market, then swept every 90 minutes to a cold wallet. The hot-wallet balance is publicly displayed (currently ~18 XMR) so you can verify reserves before you deposit. Disputes are handled by a three-tier team: junior mods can extend escrow, senior mods can force partial refunds, and “arbiters” (currently five) release funds or split coins. Turn-around median is 52 h according to the last 200 cases I scraped. Multisig is offered but rarely used—only 6 % of orders bother to generate the buyer key, likely because the UI still requires Electrum-MTR CLI steps.

Server side, the admins claim nginx → HAProxy → PHP-FPM over a trio of onion services, with the database air-gapped except for a one-way SSH tunnel. That’s the story; in practice, uptime graphs show synchronized reboots across all mirrors every Tuesday at 03:00 UTC, suggesting either shared backend or orchestrated updates. No IPv6 leaks have been recorded by mempool observers, which is better than half the markets out there.

User experience & interface quirks

First-time setup is painless: no invite code since April 2023, just username/password/captcha. The captcha is a simple text-based challenge, refreshable over Tor without Cloudflare hell. Once inside, the dashboard is tab-based: Wallet, Orders, Listings, Messages, Stats. Stats is the fun part—buyers get a time-to-door heat-map that aggregates shipping data without revealing vendor postmarks. Vendors see a risk score that factors in dispute rate, average packaging time, and “seizure chatter” (posts on Dread that mention packs landing hot). Color-blind users complain the red/green trust badges are indistinguishable; staff provided a high-contrast CSS theme after a GitHub issue was mirrored to the forum.

Mobile access works via Onion Browser on iOS if you disable SVG rendering; on Android, OrFox crashes on the checkout page, so stick to Tor Browser 12.x.

Reputation & community perception

Dread’s /d/Catharis sub has 8 700 subscribers, growing about 4 % monthly. Common praise: “fast support”, “no deposit drama”, “vendors actually use stealth”. Common gripes: search sucks, finalization timer is only 12 days (too short for trans-Atlantic post), and the mirror rotation links sometimes hit phishing clones. The latter is mitigated by the market’s signed mirror message—always check the PGP signature against the staff key that’s pinned in the header. Vendor bond is 350 USD equivalent in XMR, waived for sellers with 500+ verified sales on other major markets who can sign a proof-of-key message. Exit-scam probability models (based on wallet age, velocity, staff post frequency) place Catharis in the “medium-low” bucket, roughly on par with ASAP before it imploded.

Current status & reliability

As of this writing, the market has been online 98.3 % of the last 90 days, with the longest outage 19 h during a rumored DDoS extortion wave. Listing count hovers around 38 k, half digital goods, half physical. Average commission is 4 %, down from 5 % at launch. Withdrawals process within two blocks; I ran test amounts of 0.3, 1.7 and 5 XMR, all confirmed in <30 min with no manual approval delay. One worrying sign: the public cold-wallet balance dropped from 2 400 XMR to 1 100 XMR in October 2023, indicating either massive vendor withdrawals or internal rebalancing—no official statement followed.

Red flags & practical cautions

Phishing clones love the Catharis brand because the logo is simple to fake. Always fetch mirrors from three sources: the market’s own signed update, the Dread sticky, and the freshonion repository. Never trust random Telegram “mirror bots”. JavaScript is off by default, but some vendor profiles embed external image hosts; toggle the “block mixed content” switch in Tor Browser to stay pure-text. Finally, the built-in PGP tool should only be used for convenience—encrypt sensitive address data with your local GnuPG binary and paste the ASCII armored block.

Conclusion

Catharis delivers a solid, if unspectacular, platform: Monero-only, reasonable escrow, no major exit chatter yet. The codebase is actively maintained, support is responsive, and the community self-polices fairly well. Downsides are the weak search engine, short auto-finalize window, and opaque wallet movements that could foreshadow trouble. From a privacy research standpoint, it’s a good example of post-Hydra market evolution—leaner, privacy-coin focused, and cautious about OPSEC. Treat it like any centralized service: deposit only what you need for a single order, verify every PGP signature, and never reuse credentials across markets.