BreachForums Resurfaces on Original Dark Web (.onion) Address

BreachForums resurfaces on its original .onion domain amid law enforcement crackdowns, raising questions about its admin, safety and future.

HackRead

The notorious cybercrime and hacker platform BreachForums has mysteriously resurfaced on its original dark web .onion domain. The site appears to be fully restored, including its infrastructure, user-leaked databases, official breach listings and forum posts.

In early April 2025, both the clearnet and dark web domains of BreachForums went offline without explanation. Members speculated about possible law enforcement action or a forum seizure.

Then, on April 28, as reported by Hackread.com, the forum’s homepage was replaced with a message stating that a MyBB 0-day vulnerability had left the site exposed to infiltration attempts by law enforcement, and it needed to be taken offline until the issue was resolved. That was the last message before BreachForums disappeared.

**Admin N/A?**

However, earlier today, Hackread.com spotted that the platform’s .onion domain had become active again, now under a new admin handle, “N/A.” The identity of “N/A” is unknown, but they claim the forum’s clearnet domain was suspended by the registrar following complaints and pressure from law enforcement.

Additionally, they claim the MyBB vulnerability has been fixed and that the forum was never compromised, with user data remaining protected throughout. “N/A” also addressed reports about the arrests of ShinyHunters members, denying that any original group members have been taken into custody.

By way of background, after the arrest of former BreachForums administrator Conor Fitzpatrick, also known as Pompompurin, the forum reemerged under the leadership of the ShinyHunters group. However, in June 2025, authorities claimed to have arrested members of ShinyHunters, along with IntelBroker, another active member who had also served as the group’s administrator.

“N/A” also denied ever giving admin access to IntelBroker, claiming it was part of a strategy to divert law enforcement’s attention away from the original owners. According to the statement, IntelBroker never had administrative access to the forum.

Message from Admin N/A on BreachForums (Image credit: Hackread.com)

**As XSS.IS Falls, BreachForums Reemerges**

The return of BreachForums comes at a time when law enforcement is intensifying efforts against cybercrime. Less than 24 hours ago, in an operation called “Operation Checkmate,” authorities seized the infrastructure of the BlackSuit ransomware group, including two of its .onion domains.

Just a couple of days ago, the Russian-language cybercrime platform XSS.IS was seized following the arrest of its suspected administrator in Ukraine. While its dark web domain remains accessible, posts from admins and moderators suggest plans to revive the forum on other domains. Meanwhile, the return of BreachForums presents yet another challenge for law enforcement agencies.

The return of BreachForums on the dark web, along with plans to restore its clearnet domains, may be seen as good news within cybercrime circles, but it raises serious questions. Is it a honeypot set up by law enforcement? Who is “N/A”? Where is the original admin team if they haven’t been arrested? If you are active on BreachForums, sign in at your own risk, and consider quitting cybercrime for good.
