After a mysterious takedown in April, one of the deep web’s most notorious hacking forums appears to be making a comeback with help from some familiar names.
After weeks of silence and speculation, one of the dark web’s most infamous hacking forums, BreachForums, seems to have resurfaced under a new domain. Cybernews received an email, allegedly from ShinyHunters, which stated that the notorious forum is back with a new domain – “breach-forums.st.”
“The forum is growing super fast and gaining a lot of traction. Also, I want to clarify that no member of our team has been arrested,” wrote ShinyHunters.
The notorious English-speaking hacking group is believed to have operated BreachForums since the 2023 arrest of its previous administrator, Pompompurin. ShinyHunters have previously listed stolen data from Santander, AT&T, and Ticketmaster.
On June 3rd, a post by the alias darked321 appeared on rival deep web forum DarkForums, announcing that BreachForums had relaunched and was once again accessible, this time via both a clearnet domain (breach-forums[.]st) and an onion address.
The announcement also included a statement from ShinyHunters. Their message claims the new site is legitimate, officially endorsed, and under restoration following a major infrastructure audit.
Also spotted on the site’s new “Shoutbox” feature was IntelBroker. This threat actor is another prolific and high-profile data leaker who has been largely silent since the forum went offline on April 15th, 2025.
Breach forum’s takedown and resurrection
BreachForums suddenly went dark in mid-April, prompting a flurry of speculation across dark web forums and Telegram channels. Some suspected law enforcement action. Others pointed fingers at rival hackers. A hacktivist group called Dark Storm even claimed responsibility, without any proof.
On April 28th, ShinyHunters re-emerged briefly to post a PGP-signed statement on the site’s front end, blaming a MyBB zero-day vulnerability and alleging that government agencies had tried to access the site’s database.
They also warned users to avoid imitation forums springing up in the wake of the shutdown.
Since the disappearance, other Breached domains kept emerging, but according to ZeroFox analysts, those clones failed to gain traction, and many of their domains are inactive.
ZeroFox Intelligence believes there is a very likely chance that breach-forums[.]st is the true successor, operated by actors with access to the original infrastructure. Attempts to register new accounts have so far failed due to MyBB SQL errors, hinting that backend configuration is still underway.
Despite technical hiccups, early signs suggest this version may indeed be the real deal. Historic content dating back to 2023 has appeared, and the site's UI has been noticeably renewed.
Your email address will not be published. Required fields are markedmarked