Do Son 
BreachForums says it will be back up on Thursday, April 24th. Image by Cybernews.
Another attempt to revive the infamous hacker marketplace BreachForums has ended in failure, as malicious actors exploited a critical vulnerability in PHP to compromise the forum. It was later revealed that the breach stemmed from the administration’s prolonged negligence in updating the software.
The saga of BreachForums is inextricably linked to its founder — 20-year-old American Conor Brian Fitzpatrick, known online as Pompompurin. Launched in 2022, the platform swiftly evolved into the largest darknet marketplace of its kind, where participants exchanged cyberattack data, traded stolen information, and discussed vulnerabilities in widely used services. Fitzpatrick gained notoriety for a string of high-profile breaches, including the compromise of FBI systems. However, in March 2023, federal agents tracked him down and arrested him at his parents’ home in suburban New York.
Following the founder’s arrest, the site underwent a turbulent series of leadership changes and domain migrations. Yet none of its incarnations managed to remain operational for long. Each resurrection attempt was thwarted by either law enforcement pressure or technical setbacks, resulting in a revolving door of administrators.
Last week, an administrator under the alias Anastasia made a fourth attempt to relaunch the platform, but the project collapsed even before it went live. A new contender has now emerged — operating under the pseudonym Momondo. On a domain with a .SX extension, he published a detailed address to the platform’s thousands-strong user base, proclaiming his intent to restore the forum without involving questionable figures from previous iterations.
Momondo claims to have been part of the original admin team and asserts a direct connection to the founder himself. His technical analysis revealed that the most recent version of the site (breachforums.st) was running on an outdated MyBB engine. The lack of critical security updates had left the infrastructure riddled with vulnerabilities — exploitable not only by hostile outsiders but potentially by the FBI as well.
The latest reboot was scheduled for April 24, but instead of a revived forum, visitors were greeted with a sales notice. Anastasia offered a backup of the database dated April 10 and the source code for a modest price of $2,000.
The reasons for the failure of this relaunch remain unclear. Although both administrators — Momondo and Anastasia — alluded to possible law enforcement involvement and the use of a zero-day vulnerability, an alternative theory has surfaced. In the days leading up to the attempted relaunch, the forum was subject to relentless attacks by the hacker group Dark Storm Team.
This pro-Palestinian activist collective gained notoriety through recent DDoS attacks on Elon Musk’s social network X (formerly Twitter). DDoS, or Distributed Denial-of-Service attacks, aim to overwhelm websites with massive volumes of traffic from multiple sources, rendering them inoperable. Dark Storm Team openly taunted Anastasia, posting messages in their Telegram channel boasting that the attacks were conducted “purely for fun.”
In his statement, Momondo not only recounted the technical breach but also outlined a strategic vision for the forum’s future. He emphasized that hackers had exploited a previously unknown PHP vulnerability to gain complete access to the platform’s servers.
He also stressed the forum’s disassociation from the user “Shiny” and other individuals whose actions were deemed threats to the community’s safety and integrity.
After the initial FBI takedown in 2023, the forum was revived by a user named Blaphomet, formerly the deputy administrator. However, in May 2024, law enforcement once again shut down the platform. This was followed by a third revival attempt led by prominent figures in the hacker underground — the group Shiny Hunters and a user named USDoD. Both subsequently vanished from the public eye, fueling speculation that they had been apprehended.
Momondo’s team later issued an official statement via social network X, which was circulated by the Dark Web Intelligence research group. The administrators denied reports of arrests and reassured users of the robustness of their new infrastructure.
Alongside a fundraising campaign to support the initiative, Momondo announced the introduction of a fundamentally new governance model. His primary goals included enhancing security, ensuring administrative transparency, and restoring the platform’s original purpose as a space for knowledge exchange among cybersecurity professionals.
The ongoing standoff between law enforcement and the operators of underground online communities continues to escalate. The story of BreachForums serves as a stark reminder that even the most fortified digital havens can fall prey to human error and organizational missteps.
