Prime Market Updates: News & Timeline

The traditional image-based CAPTCHA on the login and registration pages has been replaced with a client-side proof-of-work challenge. Instead of identifying distorted text or selecting images, users now complete a brief computational puzzle that runs locally in the browser. This approach eliminates accessibility issues with visual CAPTCHAs while providing stronger protection against automated credential stuffing and bot registration. The proof-of-work difficulty adjusts dynamically based on current server load, keeping solve times between 2-5 seconds for legitimate users while making large-scale automated attacks computationally expensive.

Two additional .onion mirror addresses have been deployed across geographically distributed servers. The new mirrors operate behind a load-balancing layer that automatically routes users to the fastest available instance. This brings the total mirror count to 5, significantly improving resilience against targeted DDoS attacks.

The platform now generates unique Monero subaddresses per transaction rather than per user. This eliminates the possibility of linking multiple deposits to a single buyer account through on-chain analysis. Existing deposit addresses remain functional but will be deprecated over the next 30 days.

A coordinated phishing campaign was identified distributing fake Prime Market links through Dread and Telegram. The phishing sites replicate the login page but redirect credentials to attacker-controlled servers. Users are reminded to only use links from verified sources and to always verify the .onion address character by character.

Launched an overhauled vendor verification process. New vendors must now provide a PGP-signed application, complete an identity challenge, and post a higher initial bond. In exchange, verified vendors receive expedited dispute resolution and priority listing placement. The goal is to reduce scam accounts by raising the cost of entry.

All marketplace services have been fully migrated to Tor v3 onion addresses (56 characters). Legacy v2 addresses (.onion with 16 characters) are no longer supported by the Tor network. If you have bookmarked an old 16-character address, it is no longer valid — update to the current address listed on our access page.

The auto-finalization window for standard escrow orders has been extended from 10 days to 14 days. This change accommodates international shipments that frequently require longer delivery windows. Buyers retain the ability to manually finalize at any point before the timer expires.

Results from the annual third-party security audit have been published. The audit covered server infrastructure, escrow wallet architecture, and the web application layer. Two medium-severity issues were identified and patched prior to publication. No critical vulnerabilities were found. The full report hash (SHA-256) is available on the marketplace's canary page.

2-of-3 multisignature escrow is now available for Monero transactions in addition to Bitcoin. This was a frequently requested feature. Monero multisig is technically more complex than Bitcoin multisig due to the requirement for multiple communication rounds between signers, but the implementation handles this transparently — buyers and vendors interact through the same escrow flow they're familiar with.

Updated listing guidelines now require vendors to strip EXIF metadata from product images before upload. The marketplace will also automatically strip metadata server-side, but vendors are encouraged to sanitize files locally first. This prevents accidental exposure of device identifiers, GPS coordinates, or timestamps embedded in photos.

Withdrawal fee estimation for Bitcoin has been updated to use real-time mempool analysis instead of static fee tiers. This reduces overpayment during low-congestion periods and ensures timely confirmations during high-traffic blocks. Average user savings estimated at 15-25% on withdrawal fees.