Ex-admin of darknet marketplace warns: BreachForums is a police trap

The anonymous administrator confirms in several messages that the forum has been monitored by investigators since the last raid. It was promptly taken offline.


At the end of April 2025, law enforcement officers gained access to the darknet marketplace “BreachForums.” The administrators closed the security gap and put the forum back online at a different address. It now seems certain that investigators, not criminals, were actually in control of the marketplace for data thieves. This was confirmed by a member of the group that administered the forum.

In its heyday, the “BreachForums” forum served as a contact point for data thieves and stealers. This is where “IntelBroker,” a British man who has since been imprisoned, sold data from attacks on HPE and Cisco, as well as free tickets for concerts by the singer Taylor Swift. The forum was constantly in the crosshairs of international investigators. When those same investigators took it over at the end of April and swept it off the net, allegedly by means of an exploit for a security gap in the forum software, this caused suspicion. The suspicion was not unfounded: darknet forums continue to be used by law enforcement as a “honeypot” to gather evidence against cybercriminals.

Five of the administrators, including members of the “Shiny Hunters” group, have been in custody since June, but the forum soon reappeared at a new address. It now appears that what many forum members suspected is a certainty: BreachForums is itself “breached.” Authorities continued to operate the forum and thus gathered important information in the fight against cybercrime.

This is claimed by someone who should know: one of the members of the ShinyHunters group. In several messages, one of which was published on the messenger Telegram, which is popular among criminals, he warned his fellow users that all user activity on BreachForums was being recorded by the authorities for evidence purposes and that the forum code had been manipulated. The forum should no longer be used.

Unusual darknet offer: The BreachForums also used to feature fake digital tickets for concerts by singer Taylor Swift. Those days may be over.

As far as his personal safety is concerned, the unidentified man gave the all-clear: neither he nor the criminal infrastructure of the “ShinyHunters” group had been compromised. Earlier media reports spoke of the imprisonment of at least one member of the group. For now, there is little doubt about the authenticity of the messages: they are both signed with the PGP key that “ShinyHunters” has been using for years. It also seems unlikely that this key is under the control of the authorities, who are unlikely to want to warn crooks about their investigations.

Immediately after ShinyHunters' second message, BreachForums went offline again and is still offline. We can only speculate whether there is a causal connection as well as a temporal one. What is certain, however, is that many users have lost faith in their former Darknet home for good and have migrated to other underground forums. However, they are threatened with a similar fate: the XSS forum, which specializes more in malware development, is also suspected of being infiltrated by law enforcement agencies.

(cku)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.