cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

BreachForums relaunches on dark web, clear web too risky?

BreachForums appears to be back, but not like it once was, with the recently seized platform’s admin announcing a new dark website for the forum.

user icon Daniel Croft
Mon, 27 May 2024
Breach Forums relaunches on dark web, clear web too risky?
expand image

As seen on a BreachForums announcement Telegram page, the forum’s admin, ShinyHunters (Shiny), has announced that the platform has a new onion address.

“Still under testing. Please report any bugs you may notice besides SMTP and CDN,” said Shiny on Telegram.

Responding to a post by cyber security expert Dark Web Informer on X (formerly Twitter), a number of users are having issues accessing the site, with the message “this site cannot be reached”.


The move seems to indicate that BreachForums is becoming an exclusively dark web accessible offering, unlike previously when it was accessible on the clear web.

As this follows shortly after BreachForums was seized by the FBI and other global law enforcement, including the Australian Federal Police (AFP), this is likely to reduce the risk of future seizures.

The BreachForums seizure occurred on 16 May, with one of the forum’s admins, Baphomet, being arrested by the FBI, and pretty much the entirety of the platforms infrastructure being seized.

“We regret to inform you that administrator Baphomet (our ‘space cowboy’), has been arrested, leading to the seizure of pretty much all of our infrastructure by the FBI,” said Shiny in a Telegram post.

“At this point, the future of our forum remains uncertain. No members of ShinyHunters have been arrested. We are currently waiting for further confirmations from our staff, and we will keep you updated with any new announcements in this channel.”

Following the seizure, the site’s domain showed an FBI seizure banner, with pictures of Baphomet and Shiny behind bars.

Only days after the seizure, a notorious BreachForums user known as USDoD claimed they were establishing a BreachForums replacement called Breach Nation.

“Ladies & gentlemen, prepare for landing,” he said.

“Fasten your seat belts, thank you for flying USDoD Airlines.

“Oh and me, call me the captain, DoD.

“So, together we stand, divided we fall.

“United we form Breach Nation and take on all.”

The most recently seized BreachForums was known to many as BreachForums V2, as it had been taken down once before, with admin Pompompurin, also known as Conor Brian Fitzpatrick, arrested and charged in March last year.

USDoD is attempting to draw the former BreachForums user base to his own new platform, of which he is the sole administrator and staff member.

“As you may know, the BF V2 community has grown to 150,000 members. Unlike the previous owner, I am not driven by profit. As a token of goodwill, the first 200,000 users will receive the latest upgraded version of the member rank,” USDoD said.

“There are others, such as ShinyHunters [the other BreachForums admin alongside Baphomet] and his team, who plan to create their own forum. However, I urge you to consider ShinyHunters past performance on BF V2 before making a decision.

“Why should you join a new forum led by a team that have a poor stats on his forum he owned? Instead, consider giving a chance to someone who genuinely cares, loves the work, has proven their value, and has worked their way to the top without the luxury of an unlimited budget.

“I am here to lead, and whether you like it or not, I am determined to succeed, even without the support of the former staff.

“My goal is to revive the community and provide opportunities for everyone. I am not affiliated with the old staff, but I promise to do a better job and keep the legacy alive.

“I am not concerned with who is in charge at the Department of Justice or who the FBI director is. My focus is on keeping the system running.”

As USDoD alludes to, another platform appears to be forming out of BreachForums’ demise.

A Telegram channel called Jacuzzi 2.0 has appeared and already has over 4,000 members who appear to be BreachForums refugees, including prolific threat actor IntelBroker.

There are also two more Jacuzzi 2.0 channels, in which ShinyHunters announced Baphomet’s arrest.

Outside of this, not much is known about Jacuzzi 2.0.

Update 29/05/2024 - Breach Forums has restored clear web access.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.