Black Pyramid Market: Technical Profile of a Long-Running Tor Bazaar

Black Pyramid has outlasted most Tor-only bazaars, quietly processing orders while flashier competitors exit-scammed or were seized. Analysts track it because the codebase has changed little since 2019, which points to disciplined operations and a deliberately conservative change policy. For researchers, the site is a useful case study in how a mid-tier market keeps the lights on when larger venues collapse.

Background and Evolution

The first public references to “Black Pyramid” appeared in Dread posts in early 2019, shortly after the fall of Dream Market. Early versions ran on the classic “EC” market script, but the admin forked it within months, removing the bulky chat module and adding per-order stealth shipping profiles. No grand reopening announcements followed; new accounts were simply activated by invitation, a pattern that kept growth slow and OPSEC tight. The only visible overhaul came in mid-2021, when the captcha switched from text to SVG-based challenges, presumably to frustrate unofficial mirrors that were screen-scraping listings.

Core Features

The market is minimalist: no on-site wallet, no exchange, no coin mixer. Buyers send the exact amount shown at checkout to a one-time integrated address; the server watches for two confirmations, then forwards the coin to cold storage. Vendors pay a 4 % commission on completed orders, reduced to 3 % for sellers with ≥500 finalized deals. Other notable mechanics include:

  • Multisig escrow (2-of-3) offered for BTC orders; Monero orders default to standard escrow with a 14-day auto-finalize timer
  • “Stealth mode” listings whose titles and photos are visible only to users who have PGP 2FA enabled
  • Dispute button appears after 72 h in transit, but both parties must upload PGP-signed statements; staff rarely resolve a case before day 10
  • No FE (finalize-early) toggle—admin claims this reduces drama, yet some established vendors are quietly granted FE on a per-listing basis

Security Architecture

Black Pyramid sits behind a rotating set of onion front ends; the main server is never reached directly, and a separate caching front end serves product photos, so image traffic never touches the main server. Session cookies are tied to a salted hash of the user’s password plus a server-side nonce. That makes a password change invalidate every outstanding session, but it does nothing against replay of a cookie captured in transit or by an impostor site, which is exactly what a leaked hidden-service key would enable, so the protection the market claims for that scenario is narrower than it sounds. PGP is mandatory: withdrawal addresses, dispute evidence, and even support tickets must be signed. The market’s own key has remained unchanged since 2020, either a deliberate trust anchor or a red flag, depending on your threat model. A bug bounty program (paid in XMR) has produced fixes for three XSS vectors reported by grey-hats, suggesting at least one developer reads security mailing lists.

User Experience

Newcomers face a deliberately steep learning curve. Registration requires an invitation code, a fresh PGP key, and solving a client-side proof-of-work challenge that takes roughly 10 s on a laptop, enough to deter low-effort crawlers though not a determined adversary with spare CPU. Once inside, the layout is sparse: left column shows categories, center pane lists offers, right pane is an order tracker. Search filters work (country, price band, minimum vendor level), but there is no “sort by reputation,” a quirk that forces buyers to open profiles manually. Mobile access is possible with Orbot, yet the CSS breakpoints feel like an afterthought; buttons overlap on 5-inch screens. On the plus side, page weights are tiny (under 150 kB), so pages still load when the onion service is under DDoS.
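The registration proof-of-work described above, as an added example rather than the market’s own code. The challenge format, the HMAC tag, the 300 s lifetime and the redeemed-nonce set are assumptions. The server issues a self-describing challenge, the client brute-forces a counter, and the server checks authenticity, freshness and replay before the cheap hash comparison, so a client can neither lower its own difficulty nor reuse one solution:

```python
import hashlib
import hmac
import os
import time

# Per-deployment secret that authenticates challenges (assumption: the market
# keeps something equivalent server-side; generated fresh here).
SERVER_SECRET = os.urandom(32)

# Nonces already redeemed, so one solved challenge cannot buy two registrations.
_redeemed = set()


def issue_challenge(difficulty_bits, ttl=300, now=None):
    """Server side: hand the client an HMAC-tagged challenge that states its own
    difficulty and expiry, so the server keeps no per-challenge state."""
    now = int(time.time()) if now is None else now
    nonce = os.urandom(16).hex()
    body = f"{nonce}:{now + ttl}:{difficulty_bits}"
    tag = hmac.new(SERVER_SECRET, body.encode(), "sha256").hexdigest()
    return f"{body}:{tag}"


def leading_zero_bits(digest):
    """Number of leading zero bits in a hash digest (the PoW target metric)."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve(challenge):
    """Client side: brute-force a counter until SHA-256 clears the target."""
    bits = int(challenge.split(":")[2])
    counter = 0
    while True:
        digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return counter
        counter += 1


def verify(challenge, counter, now=None):
    """Server side: authenticity, freshness, replay, then the one-hash PoW check."""
    try:
        nonce, expires, bits, tag = challenge.split(":")
    except ValueError:
        return False
    body = f"{nonce}:{expires}:{bits}"
    expected = hmac.new(SERVER_SECRET, body.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False  # forged or tampered challenge (e.g. client lowered the difficulty)
    now = int(time.time()) if now is None else now
    if now > int(expires):
        return False  # stale: solved offline and submitted later
    if nonce in _redeemed:
        return False  # replay of an already-used solution
    digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
    if leading_zero_bits(digest) < int(bits):
        return False
    _redeemed.add(nonce)
    return True


if __name__ == "__main__":
    chal = issue_challenge(difficulty_bits=16)
    start = time.time()
    answer = solve(chal)
    print(f"solved in {time.time() - start:.2f}s, counter={answer}, valid={verify(chal, answer)}")
```

Difficulty is expressed in leading zero bits of SHA-256, so each extra bit doubles the expected client work while the server still pays one hash plus one HMAC. The page’s ~10 s figure corresponds to a target in the low twenties of bits at pure-Python hashing rates (an estimate, not a measurement). Calibrate against the slowest client you still want to admit: the cost is the same for a laptop and for a crawler with idle cores, so PoW raises the price of bulk registration without ever making it impossible.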

Reputation Dynamics

Vendor levels range from 0 to 10, incremented by finalized sales and decremented by disputes lost. A level-5 badge roughly corresponds to 100 successful orders with a dispute rate below 2 %. Buyers rate each order out of five on “stealth,” “comms,” and “quality,” but written feedback is hidden after 30 days, an anti-doxxing measure that also erases early scam warnings. The forum mirror is off-site (a ZeroBin-style paste service) and wipes threads every 90 days, so historical grievances vanish unless archived by third parties. This amnesia helps scammers re-register under new handles, a weakness the admin counters with a 0.005 BTC vendor bond that is only returned after 50 sales.

Current Operational Health

During the April 2024 Tor congestion attack, Black Pyramid’s uptime hovered around 82 %, better than many peers but still frustrating for users. Mirror rotation happens through a JSON file signed with the market’s stationary PGP key; valid copies propagate on Dread, Telegram channels, and two Pastebin accounts. Because that key never rotates, an old signed mirror file stays valid indefinitely, so users should confirm that a copy is newer than the last one they saw rather than trusting the signature alone. Chain analysis shows deposit wallets are drained every ~18 h to a cluster tagged by Elliptic as “Black Pyramid cold,” so far with no obvious mixing downstream; either mixing happens later, off the tagged cluster, or the operators simply hoard. No wallet movements consistent with an exit scam have been observed, and withdrawal delays rarely exceed six hours, giving the market a “reliable but not glamorous” reputation.
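Checking a rotated mirror list before trusting any address in it, as an added example and not the market’s tooling. It assumes the list is a JSON document with `seq`, `issued` and `mirrors` fields distributed alongside a detached PGP signature, that the `gpg` CLI is installed with the market’s key imported, and that `PINNED_FPR` is replaced by a fingerprint confirmed out of band; the sample list is constructed. Beyond the signature, it applies the checks a stationary signing key does not give you: the sequence number must advance (an old signature stays valid and can be replayed to steer users at a retired or seized mirror), the list must be recent, and each entry must carry a correct v3 onion checksum (the first two bytes of SHA3-256 over `".onion checksum" || pubkey || version`, as the Tor v3 onion-service spec defines it), which rejects typo-squatted or truncated addresses:

```python
import base64
import hashlib
import json
import subprocess

# Placeholder: pin the market's real 40-hex-digit fingerprint after verifying it
# out of band (assumption; any value here is illustrative only).
PINNED_FPR = "0000000000000000000000000000000000000000"


def signature_valid(data_file, sig_file, pinned_fpr=PINNED_FPR):
    """Detached-signature check through the gpg CLI (assumes gpg is installed and
    the market's public key is imported). Accepts only a signature made by the
    pinned key, not merely any key in the local keyring."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_file, data_file],
        capture_output=True, text=True,
    )
    for line in proc.stdout.splitlines():
        fields = line.split()
        # gpg status line: "[GNUPG:] VALIDSIG <signing-key-fpr> ... <primary-key-fpr>"
        if len(fields) >= 3 and fields[:2] == ["[GNUPG:]", "VALIDSIG"]:
            return pinned_fpr.upper() in (fields[2].upper(), fields[-1].upper())
    return False


def make_onion_v3(pubkey):
    """Build a v3 .onion address from a 32-byte public key (used here to construct
    sample data; the key bytes are arbitrary, not a real Ed25519 key)."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"


def valid_onion_v3(addr):
    """True if addr is a well-formed v3 onion address with a matching checksum."""
    if not addr.endswith(".onion"):
        return False
    label = addr[:-6]
    if len(label) != 56:  # 35 bytes -> 56 base32 characters, no padding
        return False
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
    if version != b"\x03":
        return False
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return checksum == expected


def corrupt_checksum(addr):
    """Flip one checksum bit of a valid address (a typo-squat stand-in for testing)."""
    raw = bytearray(base64.b32decode(addr[:-6].upper()))
    raw[32] ^= 0x01
    return base64.b32encode(bytes(raw)).decode().lower() + ".onion"


def accept_mirror_list(payload, last_seq, now, max_age=7 * 86400):
    """Freshness, rollback and address checks on an already signature-verified list.
    Returns (ok, reason, usable_mirrors)."""
    doc = json.loads(payload)
    if doc["seq"] <= last_seq:
        return False, "rollback: sequence number did not advance", []
    if now - doc["issued"] > max_age:
        return False, "stale: list issued more than max_age ago", []
    good = [m for m in doc["mirrors"] if valid_onion_v3(m)]
    if not good:
        return False, "no syntactically valid v3 mirrors", []
    return True, "ok", good


# Constructed sample list: two well-formed addresses plus one junk entry.
SAMPLE_MIRRORS = [make_onion_v3(bytes([i]) * 32) for i in (1, 2)]
SAMPLE_LIST = json.dumps({
    "seq": 18,
    "issued": 1712000000,
    "mirrors": SAMPLE_MIRRORS + ["notanonionaddress.onion"],
})

if __name__ == "__main__":
    # In real use: signature_valid("mirrors.json", "mirrors.json.sig") must be
    # True before the payload is parsed at all.
    print(accept_mirror_list(SAMPLE_LIST, last_seq=17, now=1712003600))
```

Order matters: verify the signature first, then the sequence number and age, and only then parse addresses. The `last_seq` value has to be persisted locally, since the rollback check is worthless if every run starts from zero. The checksum test is deliberately cheap and catches corruption and look-alike addresses, but it says nothing about who controls the key behind the address; that trust still comes only from the pinned signing key and an out-of-band comparison of the file.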

Conclusion

Black Pyramid is engineered for longevity, not spectacle. Strict invitation limits, conservative coin handling, and refusal to implement flashy but risky features have kept it under the law-enforcement radar, yet the same policies produce thin inventory and slow support. For researchers, it demonstrates how reducing attack surface can matter more than chasing maximal revenue. For participants, the usual warnings apply: rotate keys, verify mirrors out of band, and never trust any market to stay online tomorrow. In the current landscape of frequent seizures and quick exits, Black Pyramid’s five-year run since early 2019 is noteworthy, but past endurance is never a promise of future survival.