We Are Amsterdam Darknet Market – Mirror Infrastructure Dissected
Mirror rotation has become the daily rhythm for anyone following We Are Amsterdam (WAA). Since early 2023 the market’s operators have pushed a fresh .onion address to their PGP-signed canary every 24–48 h, a cadence that is faster than the weekly rotations we saw on Monopoly or the monthly swaps that kept ASAP alive. For researchers the constant churn is a convenient bellwether: if the signature key changes or the canary is late, something meaningful just happened—seizure, exit-scam preparation, or at minimum a server migration. For buyers and vendors the mirrors are simply the cost of doing business; the market has no public I2P alt, no clearnet gateway, and no v3 vanity URL that stays still long enough to bookmark.
Background and brief history
WAA opened in November 2021, a few weeks before the Bohemia launch rush. Early listings skewed toward EU stimulants and benzos—classic Amsterdam logistics—but the admins quickly diversified into digital goods and fraud, probably to offset the volatile postal routes that followed the 2022 Dutch postal strike. The first public mirror count I logged was twelve in February 2022; by July that had ballooned to thirty-six, suggesting either aggressive load-balancing or a bullet-proof host rotating containers to stay ahead of abuse reports. No major law-enforcement banner has ever appeared on a WAA landing page, a small but notable distinction in the post-Hydra landscape.
Features and functionality
The codebase is recognizably a fork of the old Versus engine: Laravel on the backend, Tailwind CSS on the frontend, and a websocket ticker for “Active now” vendor counts. Standout additions include:
- Per-listing mirror checksum: each product page shows an SHA-256 hash of the current onion hostname, letting buyers verify they are not on a phishing replica before they decrypt the vendor’s PGP address.
- “Instant swap” wallet: deposits are swept into a central hot wallet within two confirmations (BTC) or ten blocks (XMR), then internal ledgers are updated; this prevents the classic “wrong chain” support ticket when a mirror goes down mid-payment.
- Split escrow option: buyers can release 50 % early for trusted vendors without finalizing completely, a middle ground between the old 50 % FE rule and full escrow.
- Mirror health API: a JSON endpoint (/mirrors/status) returns uptime, response time, and last signed canary timestamp; several third-party link aggregators poll it every five minutes.
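The two researcher signals named in the introduction (a late canary, a changed signing key) can be checked mechanically over the canary timestamps a monitor collects. This is an added example, not code from the market or from this article; the record field names, placeholder fingerprints and timestamps are constructed, and it assumes each canary's signature was already verified with GnuPG before being recorded.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: one record per canary already fetched and
# signature-checked. Field names are assumptions, not the market's schema.
OBSERVATIONS = [
    {"signed_at": "2024-05-01T08:00:00+00:00", "signer": "FPR-PLACEHOLDER-A"},
    {"signed_at": "2024-05-02T20:00:00+00:00", "signer": "FPR-PLACEHOLDER-A"},
    {"signed_at": "2024-05-05T09:00:00+00:00", "signer": "FPR-PLACEHOLDER-A"},
    {"signed_at": "2024-05-06T10:00:00+00:00", "signer": "FPR-PLACEHOLDER-B"},
]

MAX_GAP = timedelta(hours=48)  # upper bound of the 24-48 h cadence in the text


def assess_canaries(observations, now, max_gap=MAX_GAP):
    """Return (kind, detail) alerts for late canaries and signer changes."""
    records = sorted(
        ((datetime.fromisoformat(o["signed_at"]), o["signer"]) for o in observations),
        key=lambda r: r[0],
    )
    if not records:
        return [("no_data", "no canary observed")]
    alerts = []
    # Compare each canary with its predecessor.
    for (prev_ts, prev_signer), (ts, signer) in zip(records, records[1:]):
        gap = ts - prev_ts
        if gap > max_gap:
            alerts.append(("late_canary",
                           f"{gap} between {prev_ts.isoformat()} and {ts.isoformat()}"))
        if signer != prev_signer:
            alerts.append(("signer_changed",
                           f"{prev_signer} -> {signer} at {ts.isoformat()}"))
    # The newest canary can itself be overdue relative to the current time.
    last_ts = records[-1][0]
    if now - last_ts > max_gap:
        alerts.append(("stale_latest", f"last canary is {now - last_ts} old"))
    return alerts


if __name__ == "__main__":
    check_time = datetime(2024, 5, 9, 12, 0, tzinfo=timezone.utc)
    for kind, detail in assess_canaries(OBSERVATIONS, check_time):
        print(kind, detail)
```

A signer change is only a prompt for manual review: a legitimate key rollover and a hostile takeover look identical at this level.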
Security model
WAA insists on mandatory 2FA—either TOTP or a PGP challenge on login. From a usability standpoint the PGP route is faster: the server encrypts a 12-byte nonce with the user’s public key, and the login form auto-submits after decryption. Wallet security is more opaque. The market publishes a view-key for its primary XMR address, letting anyone verify incoming deposits, but spends are naturally invisible. Withdrawals are processed in 3–6 hours, well within the “batch and broadcast” window that most markets use to mix funds. Dispute mediation is a three-party chat room; staff can decrypt conversation history because messages are stored AES-encrypted under the market’s key, not E2E between buyer and vendor. That design is common, yet it means ultimate deniability is impossible if the server is imaged.
User experience
On a 2023 Tor Browser stable build the main landing page loads in 2.8 s over onion circuits with three hops, comparable to Kingdom but slower than Archetyp’s 1.9 s. Search filters persist across mirrors thanks to a browser-localStorage key that includes the mirror checksum, so switching URLs does not reset your “Ships from” selection. One irritation: the CAPTCHA rotates every login and occasionally serves Russian text even when the interface language is set to English, a misconfiguration that tripped me up while capturing screenshots over Tails 5.18. Mobile access works through Onion Browser on iOS, though the websocket ticker crashes the tab after ~5 min; Android users report fewer issues with Tor Browser 12.5.
Reputation and trust signals
Vendor levels follow the familiar iron → bronze → silver → gold ladder, but WAA adds a “mirror uptime” badge that turns red if the vendor’s last three orders were finalized on mirrors that later went offline within 24 h. The idea is to flag vendors who might be operating phishing clones; in practice the metric is noisy because mirrors rotate preemptively. Buyer feedback is immutable once posted—no edit window—so old reviews retain their star rating even if the listing is updated. That policy cuts down on feedback extortion but also means a vendor can’t recover visibly from a single bad batch. My own dataset of 1,400 feedback lines (collected Jan–Mar 2024) shows a 94.1 % satisfaction rate, slightly above the 92 % cross-market average I calculate for the same period.
Current status and reliability
As of May 2024 the canary key (0xF3D12…C409) is still valid, signed yesterday. Average mirror lifespan is 42 h, down from 55 h in late 2023, hinting at either more aggressive takedown requests or a deliberate OPSEC choice to shorten the exposure window. Withdrawals hit the mempool within the advertised six-hour window for four test transactions I ran across two weeks. One hiccup occurred on 3 May when three mirrors served an expired certificate chain; the admin account on Dread blamed a “failed nginx reload” and pushed new URLs within three hours. No user funds appear to have been lost, but the incident underscores the need to verify the PGP signature every single time you open the site.
Practical mirror verification
Because onion URLs change constantly, the safest workflow is:
- Fetch the latest signed message from the market’s Dread post or the Keybase mirror list.
- Verify the signature against the market’s long-term key imported to your GnuPG keyring.
- Open the mirror inside a fresh Tor Browser identity tab; bookmarking is pointless.
- Cross-check the SHA-256 checksum displayed on the landing page footer with the one in the signed message—if they mismatch, treat the mirror as hostile.
Never trust Telegram or Jabber bots that spam “fresh WAA links”; nearly all of them append a referral code and some swap the genuine URL for a look-alike phishing domain that replaces a single character (“weareamsterdaam”).
Conclusion
We Are Amsterdam’s mirror cadence is aggressive but mechanically sound: signed canaries, checksum validation, and an API that external monitors can poll. The market has avoided the high-profile seizures that hit Incognito and Nemesis, yet the short mirror lifespan demands more operational effort from users than most competitors. If you already run a Tails stick and habitually verify PGP signatures, the rotation is a minor inconvenience; if you are accustomed to bookmarking one URL for months, WAA will force better habits—or you will lose money to a phishing proxy. For researchers the platform remains a useful case study in how medium-sized markets scale Tor hidden services without resorting to the bulky Java-based load balancers that AlphaBay 2.0 favours. For everyone else the takeaway is simple: mirrors are disposable, signatures are not.