Thor Market Mirror-5: A Technical Walk-Through of the Current .onion Portal

The fifth public mirror of Thor Market has been online for roughly seven weeks, making it the longest-lived Thor Darknet entry point since the original domain vanished in early March. Mirror-5 is therefore the first stop for most returning buyers and the reference point vendors use when they publish updated PGP-signed “where to find us” notes. This article dissects the portal’s internals, explains how it differs from earlier mirrors, and outlines the operational-security trade-offs you accept when you use it.

Background and Brief History

Thor itself launched in late-2021 as a mid-sized, drug-centric bazaar running on a modified version of the old AlphaGuard codebase. The team kept a low profile: no flashy Dread PR campaigns, no token launch, just a standard BTC + XMR wallet-per-order system with optional 2-of-3 escrow. Original uptime was solid—about 96 % measured over six months—until the first week of March 2023 when the primary .onion began returning 404s and the market’s canary went silent. Three days later staff resurfaced on Dread, blamed a “bad BGP leak,” and began pushing signed mirror links. Mirror-5 appeared on 14 March and has stayed reachable ever since, although the underlying market wallets and database are identical to the “main” site that disappeared; only the nginx front-end changed.

Features and Functionality

From a user standpoint Mirror-5 is a straight proxy: same login cookies, same PGP tokens, same wallet seeds. Once you pass the anti-DDoS PoW challenge (a six-digit hashcash string that takes 2–3 s on modern hardware) you land on the familiar Thor dashboard. Notable elements:

  • Dual-balance system: BTC for legacy buyers, XMR for everyone else. You can swap internally at a 1.2 % spread, cheaper than most tumblers.
  • “Instant” vs “Escrow” toggle on every order. Vendors with ≄ 150 sales and ≀ 2 % dispute rate can disable escrow; buyers see a red warning banner when that happens.
  • PGP-signed “vendor pages” that embed the last 90 days of feedback; useful for archival because Dread sometimes scrubs old threads.
  • Per-order QR codes for mobile Monero wallets; the URI contains the integrated address plus the 64-bit payment ID, eliminating the copy-paste step.
  • Dead-drop filter: physical listings can be tagged “DD” and filtered by distance from a chosen postcode. Co-ordinates are released only after finalization, limiting the damage if a vendor’s account is hijacked.

Security Model

Mirror-5 inherits Thor’s original security stack: server-side private keys live on an air-gapped HSM that signs withdrawal transactions once per hour; the hot wallet never holds more than 0.5 BTC or 30 XMR. 2FA is mandatory for vendors and optional—but strongly recommended—for buyers. The code still uses the old “partial private key” trick: the server knows half of your PGP key fingerprint, so even a full database dump does not let an attacker impersonate you without the remaining half stored client-side in localStorage. Escrow timeouts are 14 days auto-finalize, extendable once for another 7. Disputes are handled by a three-person panel; votes are published on a transparency page signed with the market’s master key. Since Mirror-5 went live, dispute volume has averaged 1.4 % of finalized orders, slightly better than the 1.9 % recorded on the original domain.

User Experience

Page load times from a vanilla Tor Browser 12.5 circuit hover around 3.8 s—acceptable, though slower than ASAP or Bohemia. The layout is mobile-first: category menus collapse into a hamburger, and product photos are WebP, cutting bandwidth by ~ 30 %. Search accepts regex if you wrap the query in forward slashes; handy for filtering pharmaceutical imprints. One annoyance carried over from earlier mirrors: the captcha is case-sensitive and uses the DejaVu font, so “l” and “I” look identical; most people fail on the first attempt. Otherwise the workflow is standard: add to cart → choose shipping profile → fund the unique integrated address. Confirmation requires two on-chain Monero confirmations or one BTC confirmation; in practice XMR is ready for vendor acceptance in about 4 min.

Reputation and Trust

Thor’s biggest asset is its veteran vendor pool. Roughly 62 % of the top 200 sellers by volume migrated from White House Market after its April 2022 exit, bringing established PGP keys and rep threads. Mirror-5 displays cumulative sales next to each username, but the number is self-reported; the safer metric is the “verified since” date that only updates if staff manually link the old White House or ASAP profile. Buyers can also click the “cross-market” tab to see a vendor’s handles on other live markets; the data is scraped nightly and PGP-signed, making forgery expensive. Community sentiment on Dread is cautiously positive: no unexplained withdrawals, no fake .pgp signature spam, and the canary—while terse—has been renewed every 30 days like clockwork. Still, the March downtime reminded everyone that Thor operates without a bug bounty or open-source codebase, so trust is ultimately social, not technical.

Current Status & Reliability

As of this writing Mirror-5 has been unreachable for a cumulative 11 h over the last 30 days, almost all during European night-time when the nginx guard nodes reload. That yields 99.4 % uptime—competitive with the larger multivendor platforms. Deposit addresses rotate every 48 h, and the hot-wallet balance has stayed within the advertised ceiling, so no obvious exit-scam preparation is visible. One subtle change: staff now require vendors to sign their mirror list updates with both the old and a new PGP sub-key, a hedge against the master key being compromised. Withdrawals are processing in the advertised 0–45 min window; the only hiccup last week was a 3 h backlog when Monero’s network difficulty retargeted and blocks slowed to 3 min.

Conclusion

Thor Darknet Mirror-5 is, for now, the most reliable door into the Thor ecosystem. It offers the same feature set that made the original market popular—tight escrow, low fees, Monero-native workflow—without the flashy gimmicks that often precede an exit scam. The March outage underlined the fragility of single-points-of-failure even within Tor hidden services, yet the team’s measured response and transparent stats page have kept panic to a minimum. If you already have an account, importing your PGP key into Mirror-5 is seamless; if you are new, treat it like any other dark-net portal: verify the signed link from two independent sources, fund with XMR, and never leave coins idle. Mirror-5 may vanish tomorrow or persist for another year—no one can predict—but while it is up it behaves like a service run by professionals who understand both opsec and customer retention.