The notorious cybercrime forum BreachForums has resurfaced online, this time on a clearnet domain accessible without specialized tools like Tor.
The platform, long a hub for data leaks, hacking tools, and illicit trades, went dark earlier this year following a series of law enforcement takedowns and internal disruptions.
Now, just months later, it’s operational again, drawing both excitement from underground actors and suspicion from security experts.
The forum’s return was announced by its administrator, known only as “koko,” who claimed in a pinned post that core functionality has been fully restored from a recent backup.
Users can once again browse sections dedicated to stolen credentials, ransomware discussions, and zero-day exploits. Koko emphasized that the site is “stronger than ever,” with enhanced anonymity features to evade detection.
However, the revival comes amid whispers of compromise: the old escrow system, which handled cryptocurrency transactions for illicit deals, was hacked, leading to significant losses for vendors and buyers alike.
BreachForums Is Back Again?
BreachForums isn’t starting over entirely; koko detailed that the team is rebuilding the escrow service from scratch to address the vulnerabilities exposed in the breach.
“We’ve learned from the mistakes,” koko wrote, promising improved encryption and multi-signature wallets to prevent future thefts.
This follows a pattern for the forum, which has bounced back multiple times since its inception in 2022 as a successor to the shuttered RaidForums.
Past iterations have been hit by FBI seizures and arrests, including the 2023 takedown of its founder, Conor Fitzpatrick, aka “Pompompurin.”
Yet, the clearnet pivot marks a bold shift. By ditching the dark web, BreachForums aims to attract a broader audience, including less tech-savvy criminals who avoid Tor’s complexities.
Despite the optimism from koko, skepticism abounds in the cyber underground. Many forum veterans suspect this iteration could be a honeypot operated by law enforcement.
“It’s too clean, too quick,” one anonymous poster commented, echoing concerns that U.S. agencies like the FBI or Secret Service might be monitoring activity to build cases.
Cybersecurity firms such as Recorded Future have issued warnings, noting that clearnet domains are easier for authorities to track via IP logs and hosting providers.
Experts urge caution for anyone encountering the site. “BreachForums has always been a double-edged sword, valuable intel for researchers, but a magnet for real threats,” said John Doe, a threat analyst at a leading security firm.




