Cebulka Darknet Market: A Technical Look at Mirror #4 and Its Operational Footprint
Cebulka—Polish for “onion”—is a mid-sized darknet bazaar that has quietly outlasted several better-publicized seizures and exit scams. While it never reached the transaction volume of AlphaBay or the notoriety of Hydra, the market has kept a steady pulse since 2019 by sticking to a simple formula: Monero-only payments, mandatory PGP for all communications, and a rotating set of signed mirror links that redirect users when the primary .onion is DDoS-blasted or seized. Mirror #4, the subject of this note, is currently the most stable entry point and the first to ship the v3.2.1 code branch.
Background and Evolution
Cebulka launched in April 2019 as a cannabis-focused forum-market hybrid, borrowing the phpDNM fork that also powered early DarkMarket (the open-source project, not the later seizure). Its original admin, handle “szybki,” kept a low profile, avoided Reddit drama, and insisted on a no-FE policy long before that became fashionable. By mid-2020 the catalog had expanded to include digital goods and fraud tools, but the team still capped vendor bonds at 0.05 XMR to keep out low-effort sellers. After Operation Disruptor rounded up several German-language markets in late 2021, Cebulka absorbed a wave of displaced vendors; that influx forced the first major rewrite (v2.5) and introduced the mirror pool we see today. Mirror #4 entered service in February 2022 and has survived three rotation cycles without dropping more than a few hours—an uptime record the staff rarely fail to advertise on Dread.
Features and Functionality
The v3.2.1 codebase is lean: no JavaScript, no third-party trackers, no inline images. Product pages load in ~250 ms over a vanilla Tor circuit, and the entire UI is usable with the Safest security slider. Key features include:
- Multisig escrow (2-of-3) with support for both SegWit and Taproot BTC addresses, although Monero remains the default
- Per-message PGP encryption that enforces key freshness every 90 days; stale keys are auto-purged
- “Stealth mode” listings—a vendor can hide the item from search and share a short token URL directly with the buyer
- Internal mixer that splits outgoing vendor withdrawals into three randomized chunks, each delayed 1–6 blocks
- JSON export of order logs for buyers who want local bookkeeping without screenshots
Mirror #4 adds a subtle quality-of-life tweak: the landing page displays a SHA-256 hash of the last-known good mirror list, updated hourly. Users who keep an offline copy can verify that the link they just fetched from a third-party mirror aggregator hasn’t been tampered with.
Security Model
Cebulka’s threat model assumes the server itself is expendable. All private keys for the multisig wallets are stored on an offline signing box that the admin claims is air-gapped and booted only once every 48 hours. Withdrawal transactions are pre-signed in batches, then pushed through a cron job that runs over a separate Tor circuit. The market’s canary—updated daily on the Dread subdread—includes three future Bitcoin block hashes, making it practically impossible to pre-compute in case of a stealth seizure. For disputes, staff require both parties to re-sign the original order text plus the disputed claim; that signed bundle is posted publicly, so forged screenshots are useless. The only known security incident occurred in May 2022 when a phishing clone served a doctored PGP key; Mirror #4 now pins the correct fingerprint in the HTTP headers, which Tails users can cross-check with curl -I.
User Experience
First-time visitors expecting a glossy React frontend will be disappointed. Cebulka is deliberately spartan: white monospace on black, 600 px fixed width, tabular listings. Yet the workflow is efficient. Search filters persist across sessions via a localStorage key that never leaves the browser. Vendors can upload one 150 kB image per listing; anything larger is rejected at the edge, sparing Tor bandwidth. Order status updates arrive through an on-site Jabber gateway that mirrors to XMPP, so buyers who route their chat through OTR-enabled clients never need to log back in just to read “shipped.” The learning curve is shallow enough that Dream Market refugees adapt within minutes, but old-school cypherpunks appreciate the absence of bloat.
Reputation and Trust
Over 36 months Cebulka has chalked up fewer than a dozen confirmed exit-scam rumors, none conclusive. The most serious scare—January 2023—turned out to be a three-day signing-box outage combined with a mempool backlog. Vendor bonds, though modest, are burned on dispute loss, creating a tangible cost for spam accounts. The “trust score” algorithm is transparent: 50 % weight on finalized orders, 30 % on dispute outcome, 10 % on PGP key age, 10 % on buyer feedback older than 30 days (to prevent review bombing). A vendor with 200 finished orders and zero disputes sits at 98 % trust; below 85 % the market auto-hides listings until the bond is doubled. Buyers can also see a “mirror uptime” stat for each vendor; if a seller’s preferred mirror is #4 but the buyer can only reach #7, the order page warns of potential latency before the user even clicks purchase.
Current Status
As of June 2024, Mirror #4 has been online for 112 consecutive days—a personal record. Chain analysis suggests daily turnover hovers around 45–60 XMR, down from the 2021 peak but still enough to keep 420 active vendors engaged. DDoS pressure has eased since the introduction of Proof-of-Work onion services; page load times during the last sustained attack averaged 3.2 s versus 12 s on Mirror #3. Staff are beta-testing a CJ (CoinJoin) payout add-on that would remove the last on-chain fingerprint tying vendor proceeds to the market wallet. On the downside, the Monero-only policy deters BTC maximalists, and the narrow product range (no hard drugs, no weapons) caps growth. Law-enforcement chatter in leaked Europol documents classifies Cebulka as “tier-3 priority,” meaning investigators focus on larger fish—hardly a clean bill of health, but better than being labeled “high-value target.”
Conclusion
Cebulka Mirror #4 is not the most exciting darknet venue, and that seems to be the point. By pruning features that leak metadata and by refusing to chase every illicit dollar, the market has achieved a sort of grey-zone longevity. Multisig works, disputes resolve within 72 hours, and the mirror rotation system keeps the front door open even when the hidden service is hammered. For buyers who already hold Monero and vendors who value stability over flash, the trade-offs are reasonable: expect modest selection, rigid PGP rules, and zero hand-holding. For everyone else, the market’s very indifference is the clearest signal—either adapt to its spartan rhythm or move along. In the current landscape of constant seizures and flashy reboots, that quiet consistency is perhaps Cebulka’s most unusual product.