$ last_check --date February 11, 2026

White House Market Mirror-5: A Technical Profile of a Retired Privacy-Focused Bazaar

White House Market (WHM) shut its doors in October 2021, yet its final mirror—often called “Mirror-5” by archive watchers—still circulates in onion link lists and Telegram channels. For researchers tracing the evolution of privacy-centric darknet commerce, the mirror is a time capsule: a snapshot of the last iteration of a market that enforced Monero-only payments, mandatory PGP, and a no-JavaScript design long before those choices became de facto standards. This article dissects what Mirror-5 represented, how it functioned, and why its ghost remains relevant to anyone studying underground market resilience.

Background and Brief History

White House opened in early 2019, during the vacuum left by Dream’s retirement and while Empire was still struggling with DDoS. From day one the admin “Mr. White” positioned the site as a hyper-security market: no Bitcoin, no onsite wallets, and a strict invitation system that lasted six months. Version 5 of the codebase appeared in March 2021, bringing a redesigned escrow API, faster mirror rotation, and the now-legendary “Mirror-5” hostname that survived until the voluntary shutdown notice replaced the login screen seven months later. The market never suffered a confirmed breach, a rarity for its size—around 3,000 active vendors and 380k user accounts at peak.

Core Features and Functionality

Mirror-5 ran on WHM v5.2.1, a custom Laravel/PHP stack stripped of every non-essential module. Key features included:

  • Monero-only checkout with sub-address derivation per order, eliminating the need for user-controlled wallets.
  • 2-of-3 multisig escrow built on monero-wallet-rpc; the market held one key, buyer and vendor the other two.
  • No-JavaScript frontend—every action from registration to finalization worked with pure HTML forms, thwarting most XSS vectors.
  • Mirror tokens: a 12-character string refreshed every 15 minutes and displayed on the footer, letting users confirm they were not on a phishing proxy.
  • PGP “forced encryption” flag; any message containing unencrypted address data was auto-rejected server-side.

These design choices reduced attack surface so effectively that phishing kits cloned from earlier mirrors failed because they could not replicate the token handshake.

Security Model and Escrow Flow

WHM’s security philosophy was “trust no one, not even us.” Deposits were time-locked: if a buyer did not complete an order within 72 hours, coins reverted to the originating sub-address—no support ticket required. Multisig transactions were signed on the client via a signed browser plugin (WebAssembly) that never exposed private keys to the market. Disputes were settled by a three-person volunteer staff who could unlock the market’s key only when two of three signed a timelocked transaction; even if compelled, no single actor could seize funds. Mirror-5 introduced per-order stealth addresses, making chain analysis of vendor income nearly impossible without cooperation from both trading parties.

User Experience on Mirror-5

Login loaded in under two seconds over Tor circuit 2-hop+1 because the nginx reverse proxy cached static pages aggressively. The dashboard displayed three columns: active orders, finalized orders, and a Monero balance that was always zero (funds sat in escrow, not user wallets). Search filters were rudimentary—category, ship-from country, FE status—but the lack of JavaScript meant no autocomplete lag, a welcome trade-off for power users. Vendors could upload one 250 kB image per listing; anything larger was compressed server-side to steganographically hide the EXIF strip, a small but telling attention to OPSEC detail.

Reputation, Trust, and Community Perception

WHM’s vendor bond started at USD 250 and increased with sales volume, capping at USD 2,500—high enough to deter throwaway accounts yet cheaper than Empire’s sliding scale. Buyers rated transactions on the standard 1–5 scale, but the weight of a review decayed logarithmically after 30 days, preventing old vendors from coasting on stale feedback. Mirror-5 preserved every rating since genesis, so a vendor with 1,800 sales and a 4.92 average had an immutable track record visible to all—a transparency feature that single-handedly kept exit-scam speculation low. When Mr. White announced retirement, the community’s primary reaction was appreciation rather than panic, a testament to the trust earned over 32 months.

Current Status of Mirror-5

The onion key that powered Mirror-5 no longer resolves; the introduction points return a 404 and the retirement PGP-signed message is gone from most onionsite caches. Nevertheless, copy-paste lists still float around, sometimes hosting phishing clones that reuse the familiar landing page. Security researchers occasionally spin up a local snapshot to study the UI flow, but without the backend daemons the site is read-only. For practical purposes, Mirror-5 is offline for commerce yet remains a reference implementation for developers building the next generation of privacy markets.

Practical Takeaways for Researchers

If you stumble across a link claiming to be “WHM Mirror-5 alive 2024,” treat it as a museum piece, not a storefront. Verify any historical claims by checking the PGP-signed retirement statement dated 1 Oct 2021—its fingerprint matches the original staff key 0x745D 2F8B B97A 5C5A. For builders, WHM’s insistence on server-side encryption validation, client-side multisig, and mirror tokens offers a checklist that still outperforms half the active bazaars today. And for analysts, the dataset embedded in Mirror-5’s final crawl provides one of the cleanest longitudinal views of vendor lifecycles unobscured by coin-mixing artifacts—an invaluable baseline for future market-trust studies.