The cybercrime forum BreachForums has unexpectedly reappeared on its original dark web domain, raising eyebrows in the cybersecurity community. The site seems to be fully operational, featuring its infrastructure, user-leaked databases, official breach listings, and forum posts. This comes after both its clearnet and dark web domains went offline in early April 2025, leaving members speculating about potential law enforcement action or a seizure.
In a message dated April 28, 2025, the forum’s homepage had indicated that a vulnerability in MyBB software had exposed it to law enforcement infiltration attempts. The administrators decided to take the site offline until the issue could be resolved. This message marked the last communication from BreachForums before its disappearance.
N/A, the new administrator, claims that the clearnet domain was suspended due to pressure from law enforcement. They assert that the MyBB vulnerability has been addressed and that user data remained secure during the downtime. In their statement, N/A also disputed claims regarding the arrests of members from the ShinyHunters group, stating that none of the original members had been detained.
BreachForums has undergone a significant transformation since the arrest of former administrator Conor Fitzpatrick, also known as Pompompurin. After his arrest, the forum reemerged under the ShinyHunters group’s leadership. However, authorities reported the arrest of ShinyHunters members and another key figure, IntelBroker, in June 2025. N/A has denied that IntelBroker ever had administrative access to the forum, claiming this was a tactic to mislead law enforcement.
Context of BreachForums’ Reemergence
The return of BreachForums coincides with heightened law enforcement actions against cybercriminal activities. Just a day prior to BreachForums’ comeback, authorities executed “Operation Checkmate,” which led to the seizure of the infrastructure belonging to the BlackSuit ransomware group, including two of its dark web domains.
Additionally, the Russian-language cybercrime platform XSS.IS was seized following the arrest of its suspected administrator in Ukraine. Although the dark web domain remains active, posts from its administrators suggest intentions to revive the forum on alternative domains.
While the reemergence of BreachForums may be perceived as a positive development for those involved in cybercrime, it raises critical questions. Is this operation a honeypot set up by law enforcement? What is the true identity of “N/A”? And where is the original admin team amidst these developments?
As the landscape of cybercrime continues to evolve, those engaging with BreachForums should do so with caution. The resurgence of this platform serves as a stark reminder of the ongoing battle between law enforcement and cybercriminals. For users active on BreachForums, signing in carries inherent risks, and many are advised to reconsider their involvement in cybercrime altogether.