The notorious cybercrime platform BreachForums has reemerged on its original dark web .onion address, raising significant concerns among cybersecurity experts. The site has reportedly restored its infrastructure, including user-leaked databases, official breach listings, and forum posts. This resurrection follows an unexplained downtime that began in early April 2025, leading to rampant speculation regarding potential law enforcement action or a seizure of the forum.
In a notable turn of events, the homepage of BreachForums was replaced on April 28, 2025, with a message indicating that a MyBB 0-day vulnerability had exposed the site to potential infiltration attempts. This prompted the forum administrators to take the site offline until the vulnerability could be resolved. Since that message, the forum had been silent until its recent revival.
New Leadership Claims Security Improvements
The return of BreachForums under a new admin handle, “N/A,” was confirmed by Hackread.com. The identity of “N/A” remains unclear, but they have claimed that the forum’s clearnet domain was suspended due to law enforcement pressure. In their statement, they asserted that the MyBB vulnerability has been addressed and emphasized that user data remained secure throughout the downtime.
“N/A” also addressed rumors surrounding the arrests of members of the ShinyHunters group, asserting that no original group members have been detained. The ShinyHunters had previously taken control of BreachForums following the arrest of former administrator Conor Fitzpatrick, known online as Pompompurin. In June 2025, authorities claimed to have arrested members of ShinyHunters, along with another active member, IntelBroker, who had also previously served as an administrator.
Challenges for Law Enforcement
The revival of BreachForums occurs during a period of intensified law enforcement action against cybercrime. Just hours before the forum’s relaunch, an operation called “Operation Checkmate” resulted in the seizure of the infrastructure of the BlackSuit ransomware group, including two of its dark web domains. Additionally, the Russian-language cybercrime platform XSS.IS was seized following the arrest of its suspected administrator in Ukraine.
While the dark web domain of XSS.IS remains accessible, it appears that the forum is planning to revive its operations on alternative domains. The resurgence of BreachForums presents additional challenges for law enforcement agencies already grappling with the complexities of tracking cybercriminal activities.
The reappearance of BreachForums on the dark web, coupled with plans for a clearnet revival, raises pressing questions within cybersecurity circles. Is the platform a potential honeypot set up by law enforcement? What is the true identity of “N/A”? And where is the original admin team if they remain at large?
For users who may be tempted to engage with BreachForums, caution is advised. Signing into the forum may carry significant risks, and experts recommend reconsidering involvement in cybercrime altogether.
