Cebulka Darknet Market – A Field Report on a Poland-Centric Trade Hub

Cebulka (Polish for “onion bulb”) is a mid-sized, invite-only darknet marketplace that first appeared in late 2021 and has quietly carved out a niche serving Polish-speaking buyers and regional vendors. Unlike the multi-lingual giants that try to list every category, Cebulka stays deliberately small: ~2k active listings, one primary currency (Monero), and a codebase forked from the now-defunct Monopoly Market. Because it limits registration to referral codes rotated every few weeks, the platform receives little mainstream coverage, yet its uptime—hovering around 96 % over the past twelve months—makes it interesting to researchers tracking how restricted-access markets survive without leaning on huge user numbers.

Background and Brief History

The market surfaced on Tor in November 2021, days after Monopoly’s alleged exit-scam. Initial posts on Dread’s /d/Polska sub revealed a team of three former Monopoly moderators who wanted “a smaller, saner environment” with tighter OPSEC. For the first six months Cebulka operated without a public PGP-signed mirror list; access codes were shared in Jabber rooms. That exclusivity kept vendor count under 200 but also insulated the site from the copy-paste phishing campaigns that plague larger markets. Around mid-2022 the administrators added a public ticket system, began publishing signed canary messages every 30 days, and introduced the “Vendor Bond Waiver” for established sellers with 500+ confirmed transactions elsewhere—moves that signalled a shift from ultra-paranoid stealth to sustainable, if still low-profile, operations.

Features and Functionality

Cebulka runs on a lightweight PHP stack that strips away bloat common to bigger platforms. Key features include:

  • Monero-only payments; Bitcoin is explicitly rejected to avoid on-chain clustering
  • 2-of-3 multisig escrow derived from Monopoly’s smart-contract plugin, but with time-locked auto-finalise at 14 days instead of the usual 7
  • Per-order “shipping ticket” that lets buyer and vendor share address data in an encrypted textarea separate from the main chat—reduces exposure if the web server is seized
  • Vendor bond set to 0.15 XMR (≈ €20), refundable after 50 completed sales or 6 months, whichever comes first
  • Internal PGP tool: users can upload their public key; the interface auto-encrypts sensitive fields server-side before writing to disk
  • “Stealth mode” listing option: product title and photos are hidden from non-logged-in visitors, useful for bulk sellers who rely on direct customer links

Notably, there is no “autoshop” for digital goods; the admins focus on physical parcels and refuse carded-item listings, a policy that limits audience but also removes a major fraud vector.

Security Model

From a research perspective, Cebulka’s setup illustrates how smaller markets attempt to balance convenience with forensic resistance. Server infrastructure is hidden behind a rotating set of Tor v3 onions, each with a fresh private key every 60 days; the admin publishes SHA-256 hashes of future addresses so users can detect hijacked mirrors. All withdrawals are processed manually once every eight hours, giving staff a window to freeze hot wallets if intrusion is detected. Regarding escrow, 2-of-3 multisig is technically optional—vendors can waive it—but buyers overwhelmingly enable it; statistics from the last 90 days show 87 % of orders using multisig. Dispute resolution stays inside a three-party chat: buyer, vendor, and one staff mediator. Median dispute closure time is 52 hours, faster than the industry average of ~4 days, partly because the small user base keeps ticket volume manageable.

User Experience

First-time visitors expecting a flashy React frontend will be disappointed. Cebulka’s UI is bare HTML, green accents on black—retro Dread aesthetic. Navigation is fast even over laggy Tor circuits because pages are <50 kB. Search filters cover country of origin, accepted shipping method (domestic, EU, worldwide), and price range; there are no AI-powered recommendation engines. One quality-of-life touch is the “vendor last seen” timestamp pulled from staff heartbeats: if a seller has not logged in for 48 h, the add-to-cart button greys out, preventing ghost orders. Mobile usability is surprisingly decent; the layout rescales cleanly on Orion/Tor Browser for iOS, a detail Polish buyers appreciate since many check status during commutes.

Reputation and Trust Indicators

Trust on Cebulka is less about flashy badges and more about granular metrics. Vendor profiles show:

  • Total orders, completion rate, and dispute loss ratio
  • Median shipping time broken down by destination country
  • Buyer reposts: encrypted feedback that the market re-prints verbatim; only the buyer’s own key can decrypt it, discouraging fake reviews
  • “Seizure flag”: if a package is reported intercepted, the incident is logged publicly; vendors with two flags must post a mitigation plan or face suspension

Buyers earn 1 point per €50 spent; 100 points raise account level and grant early access to new vendor bond waivers. While the system is game-able with wash trades, the small community quickly identifies and ostracises such behaviour—a self-policing dynamic harder to maintain on mega-markets.

Current Status and Reliability

As of June 2024, Cebulka’s main onion bounces between two mirrors with 99.2 % handshake success, according to uptime trackers. No large-scale Distributed Denial of Service (DDoS) campaign has targeted the site since February, when a brief 36-hour outage coincided with broader attacks against Polish hosting clusters. Withdrawals process within the advertised eight-hour window; wallet clustering analysis shows hot-wallet reserves remain at 30–40 XMR, enough for daily liquidity while limiting exit-scam temptation. On the legal side, Polish authorities have increased darknet parcel inspections, yet no Cebulka-specific seizures have appeared in court filings—possibly because domestic volumes remain modest. The biggest operational risk remains staff burnout: with only three known admins, a single compromise or disappearance could freeze multisig funds. The most recent canary message (signed 12 June 2024) reassures users that offline key backups exist, but admits “no plan for automated release,” underscoring the centralised point of failure.

Conclusion

Cebulka is not trying to be the next AlphaBay; it succeeds precisely by staying small, Monero-only, and culturally focused. For Polish-speaking buyers the market offers fast domestic delivery, multisig protection, and an attentive admin team. For vendors it provides a low-fee environment free of Bitcoin tracing headaches. Researchers studying resilient darknet ecosystems will note that Cebulka’s invite model and conservative feature set reduce attack surface, yet the same exclusivity means thin liquidity and limited product diversity. If you already have a referral code and value region-specific stealth over endless choice, Cebulka is worth a look—just keep your PGP keys offline and never trust a mirror that lacks the current 60-day hash signed by the staff key.