Dream Market Mirror-3: A Technical Look at the Current Iteration
Dream Market’s third-generation mirror has been circulating since the original Dream went offline in 2019. Because the original Dream onion domain is gone, every link that still uses the Dream branding is, by definition, a mirror. Mirror-3 is simply the most frequently signed and reshared copy of the codebase that vendors and buyers remember from 2017-2019, repackaged for today’s Tor landscape. In practice, it behaves like a fan-maintained fork: same familiar UI, same built-in BTC wallet, same vendor bond, but hosted on new infrastructure and with a smaller, more cautious user base.
Background and Provenance
Dream Market itself launched in late 2013 as a successor to Silk Road 2.0, absorbed Agora refugees in 2015, and voluntarily shut down in April 2019 after a prolonged DDoS campaign that many attribute to law-enforcement stress testing. Within weeks, several “Dream clones” appeared, each claiming to hold an escrow database backup. Mirror-3 first surfaced in early 2020, signed with a PGP key that validates against the old Dream staff key-set but adds an additional 2020 subkey. Whether that subkey was added by former staff or by opportunistic actors is still debated on Dread; either way, the market has stayed online—intermittently—for more than four years, which is longer than many “new” markets.
Feature Set
The codebase is essentially Dream 4.30 with two modern tweaks:
- XMR support grafted on top of the legacy Bitcoin wallet. Withdrawals still hit the Bitcoin chain first, then ShapeShift-style hop to Monero, so on-chain timing can leak if you ignore the 24-hour auto-delays.
- Per-session 2FA using TOTP instead of the original PGP-based login challenge. Old-school PGP is still accepted, but most vendors have migrated to TOTP for speed.
Everything else feels frozen in time: centralized escrow, 4% finalization fee, vendor bond set at 0.05 BTC (≈ $2 k), and the classic five-tier feedback system (1–5 stars plus free-text). Search filters still top out at “ships from” and “accepted currencies”; there is no wallet-less option, and no per-order payment proxy like Versus or ASAP introduced last year.
Security Model
Mirror-3 continues Dream’s centralized escrow. Coins sit in a hot wallet controlled by the market until the buyer finalizes. Multisig is advertised but remains “two-of-three” with the market holding one key, so seizure or exit-scam risk is identical to the original setup. Dispute resolution is handled through a single moderator account—“DreamModerator3”—who signs every decision with the same 4096-bit RSA key. Response times average 36 hours, faster than AlphaBay’s current 3-day queue but slower than newer markets that use rotating volunteer arbiters. From an OPSEC standpoint, the biggest weakness is that withdrawal transactions are broadcast immediately; chain-analysis firms can tag outputs the moment they leave the hot wallet. Using your own Monero tunnel post-withdrawal is therefore mandatory if you care about lineage.
User Experience
Anyone who logged into Dream prior to 2019 will feel instant déjà vu. The color scheme, the green “finalize” button, the placement of PGP keys—nothing has moved. Onion response times hover around 3–4 seconds on a standard Tor circuit, slower than Archetyp or Kerberos but acceptable. The market renders correctly on Tor Browser 12.5 and Tails 5.13 without JS, although the captcha is still the aging “slide the puzzle piece” widget that fails half the time under the safest security level. Mobile access via Onion Browser on iOS works, but the lack of PGP tooling inside iOS means you end up pasting keys through the clipboard—a bad habit that defeats the purpose of air-gapped encryption.
Reputation and Community Sentiment
Because Mirror-3 is unofficial, there is no public “admin” presence on Dread. Vendors self-declare by posting signed messages linking their old Dream PGP keys to new Mirror-3 profiles. Roughly 420 vendors have completed this ritual; about 60% are legacy sellers with 500+ historical sales. Buyer uptake is modest—around 2,300 active accounts last month according to the public stats page—so competition is lower and prices slightly higher than on larger pools. Scam reports are rare: only three documented exit-scams by vendors since 2021, all involving digital goods shipped via auto-finalization. The market itself has not exit-scammed, but the hot-wallet balance occasionally drops to near-zero during DDoS waves, delaying withdrawals for 24-48 hours. That pattern fuels persistent “selective exit” rumors, although no cryptographic proof of theft has surfaced.
Current Reliability
Uptime over the past 90 days sits at 94%, measured via onion probe every 15 minutes. Outages cluster around Sunday 0300 UTC, suggesting a single hosting provider with weekly reboot windows. Mirror rotation is manual: the landing page publishes three alternative onions whenever the primary is down, but there is no automated DNS-style propagation. Users are expected to verify each new address against the signed message posted—still—on the dread forum /d/DreamMirror. Phishing clones abound; the most common trick is substituting a visually similar letter such as “drēam” with a macron. Always check the PGP signature timestamp: any message older than seven days should be treated as stale.
Practical Guidance
If you decide to use Mirror-3, compartmentalize: dedicate a separate Tails USB, generate a fresh PGP key for the market, and fund the wallet with Monero purchased through a non-KYC source. Never reuse credentials from the original Dream, even if you were a buyer back then. Enable TOTP 2FA and write the seed on paper; the market does not reset 2FA without a PGP-signed request, so losing the seed locks the account permanently. For vendors, the bond is non-refundable if your account is banned for “fe” abuse—meaning you asked buyers to finalize early—so keep escrow ratios above 80% to stay under the radar. Finally, withdraw within 24 hours of finalization; the hot-wallet history shows that large balances left overnight correlate with the very DDoS spikes that precede withdrawal delays.
Conclusion
Mirror-3 is neither a revolutionary resurrection nor an obvious honeypot. It is a stable, low-traffic replica of Dream that satisfies nostalgic users who miss the familiar workflow. Security trade-offs—centralized escrow, immediate on-chain withdrawals, absence of real multisig—are identical to the 2019 version, which means acceptable for small, personal purchases and questionable for high-volume trade. Treat it as you would any legacy codebase: useful if you understand the flaws, dangerous if you assume the original Dream team is still guarding your coins. In the current landscape of wallet-less markets and rotating-arbiter multisig, Dream Mirror-3 feels like a vintage car: fun to drive on Sunday, but you would not commute in it every day.