Kerberos Darknet Market: Technical Overview of the Kerberos Darknet Mirror-4 Instance
Kerberos Market surfaced in early 2022 as a multi-vendor narcotics bazaar running on the Tor network. The marketplace quickly drew attention for its Monero-first payment model, PGP-only messaging, and a no-JS interface that loads cleanly in Tails. This article focuses on the fourth canonical mirror—internally tagged “Kerberos Darknet Mirror-4”—which has become the most stable entry point since the main domain began rotating every 48-72 h. I treat the site as a research specimen: no sourcing, just a technical dissection of how it works, where it stumbles, and what patterns it shares with earlier markets that survived (or didn’t) past law-enforcement takedowns.
Background and Brief History
Kerberos opened registration on 15 February 2022, one week after the multinational seizure of DarkMarket. The timing was classic “hydra effect”: veteran vendors needed a new home, and Kerberos offered instant vendor accounts to anyone who could sign a message with a PGP key older than one year. Mirror-4 appeared in June 2022 when the original I2P gateway went offline for three days; admins published a new .onion seed that hashed to the same PGP signature, so the community treated it as an official rotation rather than a phishing event. Since then Mirror-4 has served as the fallback resolver whenever the primary URL drops—roughly every six weeks, judging by uptime trackers.
Features and Functionality
The codebase is a fork of the open-source “Daeva” engine, but stripped of all JavaScript. Key modules include:
- XMR auto-sweep: deposits are scanned every 90 s; after two confirmations the balance is spendable.
- “Freeze” escrow: funds stay in a 2-of-3 multisig wallet until the buyer finalizes or a 14-day timer expires.
- Per-order mnemonic: a five-word phrase that lets either party prove order details without revealing the whole conversation.
- Vendor bond tiers: 0.015 XMR for “trial” vendors, 0.15 XMR for “gold” badge, 1.5 XMR for “diamond” (manual verification plus video call).
- Integrated exchange rate oracle: prices displayed in EUR, USD, and BTC but internally settled in XMR at the median of three exchanges.
Listings are capped at 500 active offers per vendor to discourage drop-shipping spam; physical items must include a mandatory “ships-from” country tag, which makes filter-based searches faster than on most competitors.
Security Model
Kerberos runs its own onion-balancer: three nginx instances hidden behind a rotating introduction-point set. The private key for the .onion address is split with Shamir 2-of-3, stored on encrypted USBs in different jurisdictions—standard post-AlphaBay precaution. User-side, mandatory 2FA is TOTP-based (RFC 6238) plus a PGP login token; you cannot place an order without both. Escrow uses Monero’s multisig; the market holds one key, the buyer holds one, and the third is a burn address that activates only if both parties agree to release or if staff signs after dispute review. Disputes are handled in a blinded chatroom: staff see message content but not usernames until a moderator joins the room, reducing social-engineering angles.
User Experience
Mirror-4 loads in under four seconds over a 1 Mbps Tor circuit, partly because CSS is inline and images are WebP thumbnails under 50 kB. Navigation is purely HTML forms; no JS means the site works in Tails safemode or with the “Safest” slider. Search supports Boolean operators (AND, OR, NOT) and filters by shipping region, price band, and escrow type. One nuisance: pagination tops out at 200 results, so power users export to CSV and grep locally. The order flow is linear—add to cart → encrypt shipping info with vendor PGP → fund escrow → wait for acceptance. After acceptance you get a PGP-signed invoice with an estimated dispatch window; once marked “shipped” the timer starts and auto-finalizes in 14 days unless you extend.
Reputation and Trust Metrics
Kerberos borrows the “trust ribbon” UI pioneered by White House Market: a horizontal bar showing sales count, dispute rate, and average dispatch time. Anything above 3 % dispute rate turns the ribbon yellow; above 7 % it goes red and the vendor can’t list new products until resolving open tickets. Buyers earn “stealth points” for finalizing without dispute and for leaving text reviews that are signed with their PGP key; those points unlock early-finalize privileges for future orders. Mirror-4’s public ledger lists 1,840 verified vendors and ~38 k buyers, but only about 350 vendors logged in during the past 30 days—typical long-tail distribution. No vendor on Mirror-4 has yet crossed the 10 k sales threshold, suggesting the market is mid-sized compared to ASAP or Bohemia.
Current Status and Reliability
As of May 2024, Mirror-4 has maintained 96 % uptime over the previous 90 days, measured via a private uptime bot that polls every 15 min. The only extended outage (18 h) occurred on 3 March, coinciding with a Tor consensus overload, not a seizure. Withdrawals process within 30 min when the hot wallet balance exceeds 80 XMR; below that threshold withdrawals are batched every six hours, which has triggered occasional Reddit complaints but no exit-scam indicators. Phishing clones still appear, usually swapping the letter “o” for a zero; the official channel counters this by publishing fresh mirrors signed with the 2022 genesis key every Monday 09:00 UTC. Users should verify the signature against the key stored at https://keyserver.ubuntu.com (fingerprint 0x4F73B22D) and never trust random Telegram channels.
Practical OPSEC Notes
Access Mirror-4 only via Tails 5.x or Whonix 17; both ship Tor 0.4.8, which mitigates the 2023 guard-discovery attack. Create a dedicated Electrum-XMR wallet; reusing a wallet tied to KYC exchange withdrawals undoes Monero’s privacy gains. Encrypt shipping info with the vendor’s PGP key before pasting it into the order form—Kerberos servers store plaintext messages for 30 days, so anyone who compromises the box later can read unencrypted addresses. Finally, disable HTML in Thunderbird or the text editor you use for PGP; invisible tracking pixels have been spotted in rival markets and could deanonymize you if you later open the same message on the clearnet.
Conclusion
Kerberos Darknet Mirror-4 is a lean, Monero-centric marketplace that gets the fundamentals right: mandatory PGP, no JavaScript, 2-of-3 multisig escrow, and transparent mirror rotation. Its smaller catalog and lower vendor count mean less choice than on heavyweight bazaars, but also less scam noise. The main risk is centralization: unlike fully decentralized protocols, Kerberos still controls the escrow keys and the web server. If you decide to use it, treat it as you would any hot-wallet service—keep exposure time short, verify every cryptographic signature, and never leave excess coins onsite. From a research standpoint, Mirror-4 offers a textbook example of post-2022 darknet hygiene; whether that resilience lasts through the next wave of takedowns is an open question worth monitoring.