-
BreachForums recently lost two main domains after rival attacks.
-
The forum blames a former ShinyHunters member for using hacked police emails.
-
Their new domain is live, and the group plans “bulletproof” mirrors to avoid future takedowns.
The notorious cybercrime marketplace is on the move again. BreachForums just announced another domain migration after losing its primary clearnet addresses.
Administrators say competitors caused the chaos. They are not pointing fingers at the FBI this time around.
The Recent Takedown
Both breachforu.ms and breachforums.rs are now offline. The forum’s team posted a statement explaining what happened.
“We are aware that our clearnet domain has been suspended,” the administrators wrote. “In recent days, breachforums.rs and breachforu.ms were suspended due to competitor attacks.”
While BreachForums blames competitors, law enforcement is also active. The FBI’s Atlanta office recently took down a global $20 million phishing network, showing that authorities remain a major threat to cybercrime operations.
The group named a specific person as the culprit. They claim an individual known as “Yukari” led the charge. According to BreachForums, Yukari is a former member of the ShinyHunters cybercriminal collective.
The forum alleges that Yukari used compromised police email accounts and then used the hacked accounts to file complaints to suspend BreachForums’ domains. But those are just mere claims; nothing is certain yet.
There’s no indication that the authorities are the ones who seized the sites; it appears like a fight among rival criminal gangs.
The Domain Migration Move
The forum wasted no time; they’ve already started moving to a brand new domain called breachforum.st.
Administrators say the new site will go live alongside a “major platform update.” They also plan to launch additional mirror sites on what they call bulletproof top-level domains. The goal is simple. Make future takedowns harder.
Their partnership with ShinyHunters remains active. The forum confirmed that sponsorships and collaborations will continue, as nothing happened.
BreachForums also revealed plans to launch a clearnet “pay-or-leak” website for ShinyHunters in a day or two. Such platforms are typically used by extortion gangs, by the way, to publish stolen data and pressure victims into paying ransoms.
BreachForums’ Long Takedown History & Recovery
The original BreachForums started in 2022 after RaidForums shut down and became, pretty quickly, one of the world’s largest English-language cybercrime forums.
The platform sold stolen databases, compromised credentials, and initial access to hacked networks, plus other criminal services.
The forum’s founder, Conor Fitzpatrick, went by “Pompompurin” online. Authorities from the US arrested him in March 2023. A lot of people assumed this would be the end of BreachForums. But BreachForums relaunched fast instead under the leadership of a new set of people.
Then, in May 2024 the FBI partnered with law enforcement authorities in many countries to bust BreachForums. The agency successfully seized the forum’s entire infrastructure, apparently.
A seizure notice replaced the website, and investigators said they had accessed the forum’s backend systems. But then, somehow, a new version of BreachForums popped back up online shortly after. That quick recovery is one of the reasons why the forum is so popular.
Internal Battles and Rivalries
Law enforcement is not the forum’s only problem. The platform has faced a series of internal crises over the past two years.
Administrators have been arrested. Infrastructure has been compromised. One of the biggest incidents reportedly exposed hundreds of thousands of user accounts. That leak raised serious questions about trust and operational security inside the community.
The latest domain suspensions highlight a growing feud within the cybercrime underground. Different forums and rival operators are now targeting each other’s infrastructure directly.
Discussions across underground communities have pointed to rising tensions between competing BreachForums-branded platforms. The dispute has something to do with who owns the platform and who gets to take control over the user base.
As of now, there’s nothing out there to suggest law enforcement is responsible for the latest round of chaos. This time, it just looks like a dispute among hackers due to rivalry and fragmentation of the underground economy. Rival operators are willing to attack each other’s infrastructure for influence and credibility.
Whether this new domain lasts any longer remains an open question. But the pattern is clear: lose a domain, move to a new one, restore operations, and carry on. That cycle keeps repeating, and BreachForums shows no sign of breaking it anytime soon.
