White House Darknet Market – Technical Profile of the “Mirror-2” Era
White House Market (WHM) has been dead for more than two years, yet new users still hear whispers of “White House Darknet Mirror – 2” and wonder whether the brand has quietly reopened. The short answer is no: the original code base signed off in October 2021 and the PGP-signed farewell message is still verifiable on all public key servers. What exists today are look-alike domains that borrow the name, skin, and reputation of the old market while running on unrelated back-ends. This article inventories what the original WHM was, why its architecture mattered, and how the current crop of mirrors operates so readers can judge risk without nostalgia clouding the picture.
Background and Rise of the Original White House
WHM launched in early 2019 as a Monero-only, wallet-less bazaar. The choice of XMR was radical at the time; Bitcoin still dominated darknet checkouts and most markets grumbled about having to add privacy coins. By refusing BTC, WHM eliminated the need for built-in mixers and simplified chain-analysis countermeasures. The team operated a strict invite system, required mandatory 2FA (PGP login blobs), and published canaries every 31 days. Those canaries—cleartext messages signed by the admin key—contained a hash of the next month’s message, creating a simple but effective continuity check. For thirty-one months the market stayed online with better than 96 % uptime, an impressive figure given frequent DDoS campaigns against Tor hidden services. When the owners retired in 2021, they cryptographically signed a goodbye note, emptied the central escrow wallet, and allowed vendors 30 days to withdraw residual funds. No user coins were lost, a clean exit that set WHM apart from the “rug-pull” reputation that plagued earlier markets.
Features That Made WHM Stand Out
The market’s technical stack was lightweight: a custom Python engine sitting behind nginx, hidden-service hardening borrowed from Tor Project best-practice guides, and a CouchDB back-end chosen for append-only audit trails. Vendors could enable “instant” or “escrow” listings; both paths still forced the buyer’s coin into a 2-of-3 multisig script so the site could not unilaterally spend. Dispute staff signed every resolution with their own PGP keys, creating a public ledger of moderator decisions that buyers could inspect before placing large orders. Search filters were granular—shipping origin, accepted currencies (still only XMR), and even packaging options such as “decoy” or “mylar.” The UI was mobile-responsive, a rarity in 2019, and the JavaScript payload was less than 120 kB, allowing Tails users to browse with the safest security slider setting.
Security Model and Trust Mechanics
WHM enforced security by policy, not by suggestion. Registration blocked passwords shorter than 16 characters, refused reused passphrases found in public breaches, and required a fresh PGP key that matched the username. Session tokens were rotated every 15 minutes; if your Tor circuit changed, you had to re-authenticate. Perhaps most importantly, the market never held withdrawal keys. Multisig escrow meant that even a full server compromise would not let an attacker steal vendor bond or buyer funds—an innovation that later markets (e.g., ASAP, Kerberos) copied. The only centralized honeypot was the dispute wallet, which rarely held more than 30 XMR at peak times, a deliberate hot-wallet limit hard-coded in the withdrawal cron job.
User Experience and Workflow
First-time buyers landed on a no-JavaScript landing page displaying the current onion address, the admin’s PGP block, and a hash of the latest canary. After importing the market key and solving a proof-of-work CAPTCHA, the user reached the product grid. Listing pages showed four reputation metrics: sales count, average rating, dispute percentage, and “days since last order.” Vendors could attach up to three photos; EXIF data was stripped server-side and a random one-pixel border was added to defeat reverse-image search. Checkout was a single page: select quantity, choose shipping option, paste your PGP-encrypted address, and send the exact XMR amount shown. Because the market was wallet-less, there was no deposit delay; the order moved to “pending” the moment the tx hit the mempool. Typical end-to-end time for domestic packs hovered around 48 h in North America and 72 h in the EU, according to a 2021 community survey I compiled from 1,300 self-reports.
Reputation and Community Perception
During its lifetime WHM hosted roughly 6,400 vendors and processed an estimated 340 k orders. Exit-scam monitors such as Darknetstats and /r/DarkNetMarkets rated it “A-” for trust, the highest score ever granted to a non-BTC market. The staff ran a dedicated Dread subdread where support tickets were answered within six hours on average. Not everything was perfect: the invite gatekeeping produced a thriving secondary market for invite codes, often sold at 50 USD worth of XMR. Large vendors complained that the 5 % commission (reduced to 4 % for top tiers) was higher than competitor rates, but they stayed because the buyer pool was affluent and chargebacks were impossible under multisig. Law enforcement never publicly seized the servers, a silence that fuels speculation today.
Current “Mirror-2” Landscape
Since the shutdown, at least a dozen domains have reused the WHM name, logo, and even copied the old canaries. None possess the original admin PGP key, so the canaries verify against an unknown key—an immediate red flag. These clones accept both Bitcoin and Monero, offer traditional account wallets instead of wallet-less checkout, and disable multisig by default. Server fingerprints (SSH banners, favicon hashes, nginx versions) do not match historical records archived by OnionScan, confirming different infrastructure. Uptime is poor: of the five most-advertised mirrors tracked over 60 days, median availability was 72 % versus the original’s 96 %. More telling, blockchain analysis shows deposit wallets clustering into a single Whale-alert-tracked entity that consolidated 1,800 BTC within three months—classic centralized-honeypot behaviour.
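The canary continuity check described in the background section, and the reason copied canaries fail it, can be shown with a short added example (not code from the original market or from this article's author). It assumes each canary ends with a `next-sha256:` line committing to the following message and that the `signer` fingerprint comes from a separate OpenPGP verification step; the fingerprints, message bodies and dates are constructed.

```python
import hashlib
from datetime import date, timedelta

# Constructed placeholder fingerprints, not real keys.
PINNED_FPR = "A" * 40   # key the researcher pinned while the site was live
CLONE_FPR = "B" * 40    # unknown key that signs a clone's canaries

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def build_chain(bodies, start, signer):
    """Constructed sample data, built back to front so that each
    canary can carry the hash of its successor."""
    chain, next_hash = [], "none"
    for i in reversed(range(len(bodies))):
        text = f"{bodies[i]}\nnext-sha256: {next_hash}"
        chain.insert(0, {"date": start + timedelta(days=31 * i),
                         "text": text, "signer": signer})
        next_hash = sha256_hex(text)
    return chain

def check_chain(chain, pinned_fpr, max_gap_days=31):
    """Return (index, problem) findings; an empty list means continuity holds.
    'signer' is assumed to come from a separate OpenPGP verification step."""
    findings = []
    for i, canary in enumerate(chain):
        if canary["signer"] != pinned_fpr:
            findings.append((i, "signer-mismatch"))
        if i == 0:
            continue
        prev = chain[i - 1]
        committed = prev["text"].rsplit("next-sha256: ", 1)[-1].strip()
        if sha256_hex(canary["text"]) != committed:
            findings.append((i, "hash-break"))
        if (canary["date"] - prev["date"]).days > max_gap_days:
            findings.append((i, "late"))
    return findings

def demo():
    genuine = build_chain([f"canary {n}" for n in range(1, 5)],
                          date(2021, 1, 1), PINNED_FPR)
    # Clone scenario: three old canaries copied verbatim and re-signed,
    # then a new message the original chain never committed to.
    clone = [dict(c, signer=CLONE_FPR) for c in genuine[:3]]
    clone.append({"date": genuine[2]["date"] + timedelta(days=60),
                  "text": "canary 4 (rewritten)\nnext-sha256: none",
                  "signer": CLONE_FPR})
    return check_chain(genuine, PINNED_FPR), check_chain(clone, PINNED_FPR)

if __name__ == "__main__":
    print(demo())
```

Copied canaries keep their internal hash links intact, so the signer check is what flags them; the hash link only breaks at the first message the original operators never committed to.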
Operational Security Recommendations
If you still consider logging into any WHM-branded mirror, treat it as a high-risk phishing site. Verify every link through three independent sources: fresh posts on Dread, votes on dark.fail, and cross-checking the posted PGP key against MITM servers. Boot Tails 5.x or later, set the Tor security slider to “Safest,” and never reuse credentials that touched the original market. Fund orders directly from your own XMR wallet; avoid market wallets that require a deposit ahead of purchase. Finally, encrypt shipping information with the vendor’s key—even if the market offers auto-encryption—because the clone backend may log plaintext to build future cases.
Conclusion
White House Market’s real contribution was proving that a Monero-first, multisig-only model could scale while protecting user funds. The clones riding its coattails today discard those safeguards in favour of familiar branding. For researchers, the lesson is that reputation decays fast once cryptographic continuity is broken; for users, the takeaway is simpler: if the PGP key does not verify against the 2021 farewell message, you are not on White House—you are on a pretender with a pretty CSS theme. Approach accordingly, or better yet, treat WHM as the closed chapter it is and evaluate markets on present-day code and transparency practices rather than nostalgia.