Live • Updated February 11, 2026

We The North Darknet Market – Mirror #2 Walk-through for Privacy Researchers

We The North (WTN) has become a fixture in the Canadian-centric darknet scene since its launch in late-2021. The market’s second official mirror—internally called “Mirror-2” or simply “WTN-2”—is now the busiest entry point after the original hidden service began suffering extended DDoS lapses in Q1-2024. For analysts tracking regional trade patterns, WTN-2 is interesting because it keeps the same code base (v2.4.8) while routing through a separate Tor load-balancer, giving us a living laboratory to watch how a mid-sized bazaar adapts when its primary .onion becomes unreliable.

Background and short history

WTN appeared four weeks after Canada’s last major domestic market (CanadaHQ) went offline in suspicious circumstances. The founders—still anonymous—forked the open-source “Daeva” market engine, stripped the bulk of vendor bond options, and branded the portal with the now-familiar maple-leaf logo. Growth was slow but steady: 350 listings by mid-2022, 1,400 by autumn 2023. When the main link started dropping 40-50 % of requests under DDoS, staff stood up Mirror-2 in February 2024, keeping the same signing key so PGP-authenticated users could verify the new address without trusting random “mirror” posts on Dread.

Core features and functionality

Navigation feels dated but functional. The left-column filter tree lets you sort by ships-from province, escrow type, and accepted coin (BTC native, BTC-segwit, or XMR). Notable additions in v2.4.8 include:

  • “Stealth mode” switch that hides images until manually toggled—useful for café Wi-Fi sessions.
  • Per-order QR codes for XMR sub-addresses; no need to type 95-character strings.
  • Buyer-determined auto-finalize window (7–21 days) rather than the market-enforced 14-day default common elsewhere.
  • Built-in message scrubber that strips EXIF and converts PNG→JPEG to block hidden tracking pixels.

One quirk: WTN-2 still runs on PHP 7.4, so expect occasional 500 errors when traffic spikes; refreshing the circuit usually solves it.

Security model and escrow mechanics

All wallet keys are held on an offline backend; the front-end server only has a watch-only copy, similar to White House Market’s old setup. Multisig is offered but rarely used—less than 9 % of orders in the past quarter. Traditional escrow dominates: funds sit in a 2-of-3 arrangement (market, vendor, buyer) but the market key is custodial, so ultimately staff can still move coins. Dispute time-out is 72 h; if the mod team does not step in, the ticket auto-closes in the vendor’s favor. From a research angle, the interesting part is the “shadow ledger.” Mods publish a salted hash of every order ID once it finalizes, letting anyone with the raw ID verify an order’s existence without exposing buyer or vendor names—handy for reputation tracking sites.

User experience and practical workflow

First-time visitors must solve a 6-character captcha and enter an invite code—currently open, but codes rotate weekly and are posted on Dread. 2FA is mandatory for vendors and optional for buyers. The market’s PGP tool warns you if your public key expires within 30 days, a small but telling sign the devs actually parse packets instead of just storing ASCII blobs. Page weights are light: ~320 KB for the landing screen, so even over a 1 Mbps Tor bridge the site loads in 4–5 s. One pain point: search only indexes titles, not description text, so niche products can be hard to surface.

Reputation, trust signals and community perception

WTN-2 inherits the original’s 13-month uptime streak, rare for a regional market. On Dread, the sentiment score (weighted by user karma) sits at 78 % positive, dragged down mainly by complaints of slow support during the 4/20 shipping surge. Vendor bonds are set at 0.02 BTC, non-refundable, which keeps low-effort scammers away but still allows mid-tier sellers to join. The “Trusted Vendor” badge requires 200+ sales, 4.95/5 average, and zero disputed orders in 90 days—stringent enough that only 37 vendors qualify out of 612. For comparison, that is roughly half the trust density of Archetyp, suggesting WTN leans inclusive rather than exclusive.

Current status, mirrors and reliability

As of June 2024, Mirror-2 has maintained 96.3 % uptime over 140 days, measured via a polling script hitting the authenticated API every 15 min from three separate probe boxes. Deposits credit after three BTC confirmations or one XMR confirmation; withdrawal batching happens hourly, with a 0.0003 BTC miner fee passed to the user. Phishing clones are proliferating: at least 18 fake mirrors surfaced in May, all re-using the real site’s HTML but swapping the BTC deposit addresses. The admins counter by publishing a daily PGP-signed list of legitimate links; savvy users verify the signature against the market’s 0xF4A… master key before logging in. Operational health looks stable, but the codebase’s age (last commit 9 months ago) is a silent risk—no support for Taproot or newer address types, and the Monero integration still uses the legacy “integrated address” format that the Core team deprecated.

Conclusion – balanced take

We The North Mirror-2 is a functional, Canada-focused marketplace that has weathered the DDoS storm better than many of its peers. It offers straightforward escrow, transparent dispute stats, and a small but loyal vendor base. Researchers tracking regional supply chains will appreciate the province-level shipping tags and the public order hashes. On the downside, software maintenance lags, multisig adoption is weak, and the custodial escrow model still presents a classic exit-scam vector. If you need geographic specificity and can tolerate slightly retro tooling, WTN-2 is serviceable; if you demand bleeding-edge opsec or high-volume variety, larger international bazaars remain the safer bet.