Pygmalion Darknet Market – Mirror-2 Deep Dive

Pygmalion’s second-generation onion mirror has become a quiet reference point for researchers tracking post-AlphaBay decentralisation. The mirror—usually referenced as "Pygmalion Darknet Mirror - 2"—is not simply a load-balancer; it hosts its own code base (v2.4.7 at the time of writing), its own keypair, and a separate but synchronised ledger for multisig escrow. Because the market operators rotate canonical mirrors every 90–120 days, Mirror-2 now serves as the primary entry point for roughly 65 % of sessions, making it the de-facto "main" site even though the project still advertises itself as mirror-only infrastructure.

Background and brief history

Pygmalion first appeared in late-2021 as a Monero-only side project launched by former Apollon vendors who wanted a waiver from Bitcoin’s on-chain transparency. The original hidden service ran on a three-node setup (two application servers + one cold-wallet backend) and gained traction after DarkMarket’s takedown in January 2022. Mirror-2 entered the scene in May 2022 after a prolonged DDoS wave knocked the primary onion offline for 11 days. Rather than restoring a single endpoint, the team published a signed message—hash 512f3a9e—announcing "mirror parity" and inviting users to verify PGP-signed mirror lists published every 48 h. That approach, borrowed from the White House Market playbook, reduced phishing success from ~12 % to <2 % within three months.

Core features and functionality

Mirror-2 replicates the full feature set but adds a few tweaks that matter for everyday use:

  • Currency support: XMR native, BTC optional (via wrapped BTC using a transparent gateway). The gateway is one-way; you can deposit BTC, it is converted internally to XMR at market rate −0.8 %, but you cannot withdraw BTC.
  • Multisig 2-of-3 escrow with time-locked refund transactions. The market’s key is derived fresh per order, so even a server seizure cannot sign alone.
  • Per-message PGP encryption enforced for sensitive data (addresses, tracking numbers). The UI refuses to send plaintext that matches a regex for postcodes or UPS codes.
  • Built-in exchange rate freeze: once an order is placed, the fiat amount is locked for 15 % volatility. If XMR swings beyond that window, either side can cancel without penalty—stops the classic "I paid $120 but the vendor received $97" dispute.
  • Vendor bond: fixed 0.15 XMR, non-waivable. Waivers were abused on Mirror-1 for insider exit scams.
  • Finalise-early (FE) threshold: vendors with ≥200 sales and 4.85/5 average can request 50 % FE. Anything above that requires admin approval.

Security model and opsec footprint

Mirror-2 ships with a hardened nginx ruleset: all outbound connections are dropped except to four Monero daemons and two Tor metric servers. The market’s canary page (reachable at /canary.txt) is updated every 14 days and contains three parts: next update timestamp, latest Bitcoin block hash, and a SHA-256 hash of the current vendor onion list. Absence of the canary has, so far, correlated with zero seizures—though there was a 36 h delay in December 2022 when the servers migrated to a new hosting provider.

From a user perspective, mandatory 2FA is three-fold: (1) login TOTP, (2) withdrawal PIN, and (3) a per-order 4-digit code sent via PGP-encrypted message. That sounds excessive, but it eliminates the "cookie hijack → instant withdraw" attack that hit Tor2Door in 2022. Session tokens are rotated every 30 min and bound to the first exit node IP, so circuit isolation in Tor Browser is strongly recommended; otherwise you will be logged out on every circuit change.

User experience and interface notes

Mirror-2’s UI is a dark-themed fork of the open-source "Versus" template, but the devs removed JavaScript except for a 4 kB AES helper used client-side to decrypt order pages. Pages load in ~2.3 s over a standard 50 Mbit Tor circuit, placing it among the faster markets. Search filters are granular: you can filter by continent of origin (useful for customs risk), accepted cryptocurrencies, FE status, and even by median dispatch time. One personal nit-pick: the captcha is text-based and case-sensitive; with onion latency that can take two or three attempts.

Reputation, trust signals and community perception

Darknet trust is measurable. According to independent crawler DreadStats, Mirror-2 vendors have a cumulative 37 000 successful orders with a median resolution time of 22 h for disputes. The subdread r/Pygmalion has 8.4 k subscribers and is actively moderated; scam reports are cross-posted within minutes. High-profile vendors from the Cannazon diaspora (e.g., GreenMountain, EUPharma) moved their PGP keys to Pyggalion in late-2022 and kept the same .onion vanity, which provided a trust bridge. No confirmed market-exit has occurred so far, but two vendor exits in Q1-2023 totalled ~2.8 k XMR. The admin response was to lower the FE cap for affected categories—an encouraging sign compared with the shrug-and-disappear pattern seen on Darkode.

Reliability and current status

Over the past 90 days Mirror-2’s uptime sits at 97.4 %, with brief blips during the March 2023 DDoS wave that hit most markets after the Kraken takedown. The team mitigated the attack by enabling Proof-of-Work onion v3 introduction points—essentially a tiny CPU puzzle before the handshake. Legitimate users notice only a 1–2 s delay; automated spam crawlers are throttled. Withdrawals process in <60 min for XMR, assuming the mempool is below 50 kB. Bitcoin-gateway withdrawals were disabled in April 2023; if you deposited BTC you must convert to XMR internally before withdrawing—an intentional friction to push users toward the privacy coin.

Practical guidance for researchers and users

Mirror links rotate; never trust a URL from a random Telegram channel. Verify the latest signed mirror list either on the Dread subdread or via the market’s own signed canary. Always cross-check the PGP key fingerprint: it should match the static key published in May 2022 (fingerprint available in the canary file). If you are browsing without Tails, at minimum isolate the market profile in Tor Browser, disable JavaScript globally, and route Monero through your own node or a trusted i2p-zero remote. For added anonymity, split larger XMR amounts through a sub-address and stagger deposits; Pygmalion does not cluster deposits by default, but chain-analysis still loves round numbers.

Conclusion

Pygmalion Darknet Mirror - 2 is not revolutionary; its value lies in consistent execution. Multisig escrow, enforced PGP, rotating mirrors and a live canary together create a low-surprise environment—rare in the current scene. Downsides remain: the BTC gateway is one-way, the captcha is annoying, and vendor-exit risk is non-zero even with the lowered FE threshold. Still, for researchers cataloguing resilient market structures or for users who prioritise Monero-native workflows, Mirror-2 offers one of the more transparent governance models operating today. Treat it like any other onion service: verify keys, limit exposure, and never leave excess coins online.