FBI Strikes Again – BreachForums Seized 

Today, May 15, 2024, the FBI and DOJ, working alongside international partners like the NCA and New Zealand Police, have taken control of one of the major dark web forums, BreachForums. This action comes shortly after a significant data leak from the Europol portal surfaced on the forum. 

BreachForums History

BreachForums has operated as a dark-web marketplace for threat actors, allowing the trade of illicit items such as stolen access devices, identification means, hacking tools, breached databases, and other illegal services. Owned by Baphomet threat actor and linked to the ShinyHunters threat actor group, BreachForums had two versions overseen by different administrators, succeeding its precursor, Raidforums. Both versions eventually fell under law enforcement seizure, with the FBI recently taking control of the site and its data. 

In this operation, the FBI has not only shut down the BreachForums website but also their official Telegram channels and Baphomet telegram channel and website, now under FBI control. The site now displays a notice indicating FBI control, sparking discussions in other dark web forums about Baphomet’s potential collaboration with the FBI, particularly following the arrest of the former forum owner, Pompompurin, last year. 

Has Baphomet Been Arrested?

While the FBI reviews the site’s backend data and seeks information on threat actor activity, Baphomet’s arrest status remains uncertain. However, avatars of site administrators Baphomet and ShinyHunters are shown with prison bars in the FBI seizure announcement (as can be seen in figure 2), along with additional claims by users in dark web forums suggesting Baphomet’s arrest. 

The FBI has launched a website where victims and informants can provide information. This platform encourages former members of RaidForums or BreachForums to come forward with their experiences and any pertinent data. Victims can also report incidents related to these forums. Contact methods include email, Telegram, TOX account, and the FBI’s Internet Crime Complaint Center (IC3) page, which offers a form for sharing information about BreachForums and its members. 

What is Next?

As events progress, Cyberint’s research team speculates that the forum might reappear under fresh leadership, as has occurred previously. This apprehension represents another notable triumph for the FBI in combatting significant threats in the dark web data breach landscape, further bolstering their sustained endeavors against major threat actors over the last two years. The destiny of the compromised forum’s data and ownership remains ambiguous, but Cyberint will update as things become clearer.