Less than a week after French authorities arrested several key BreachForums administrators and dismantled its infrastructure, a new post has appeared claiming the infamous cybercrime forum will relaunch on July 1.
The announcement, made by a user identifying as “Jaw,” marks a potential resurrection of the English-speaking data leak marketplace but also raises serious concerns about legitimacy, security, and the possibility of entrapment.
In a message posted to the new domain's front page, “Jaw” stated that the forum will return under new leadership. CyberInsider has opted not to disclose the new domain for security and ethical reasons, though it's easy to find online as it is already broadly circulated along with rumors. The post asserts that the recent arrests of “ShinyHunters” and “IntelBroker” have left a power vacuum and that the original servers and databases are now in the hands of US and French law enforcement. It further dismisses earlier claims of a MyBB zero-day exploit as deliberate misinformation planted by ShinyHunters to buy time.
The new iteration of BreachForums calls users not to reuse old usernames or identities, a likely acknowledgment that any returning member could now be under scrutiny by law enforcement agencies. The message closes with a rallying cry for resilience: “We've learned from the past. This time, we move forward—smarter, and together.”
CyberInsider
This purported relaunch follows a dramatic collapse of the forum's leadership. On June 24, 2025, French authorities conducted coordinated raids in several regions, arresting four suspects linked to BreachForums. These included high-profile aliases such as “ShinyHunters,” “Hollow,” “Noct,” and “Depressed.” A fifth member, “IntelBroker,” had already been apprehended earlier in February. As we previously reported, the group is suspected of operating the revived version of BreachForums that launched in 2023, following the arrest of original admin “Pompompurin” (Conor Brian Fitzpatrick).
BreachForums rose to prominence as a successor to RaidForums and quickly became a hub for the trade of stolen data, including credentials, internal documents, and personal records. High-profile breaches attributed to or facilitated through the platform include those targeting Dell, Apple, Ford, France Travail, and several healthcare and financial organizations. The forum served as a marketplace and communications hub for cybercriminals seeking to monetize compromised data or recruit for operations.
Among those most recently implicated, “IntelBroker” (identified by US authorities as Kai West) faces federal charges for orchestrating a cybercrime conspiracy that allegedly caused more than $25 million in damages. The Department of Justice has linked West to over 150 illicit data listings and accused him of selling stolen information in exchange for Monero cryptocurrency. His arrest followed an extensive investigation involving blockchain tracing, undercover forum activity, and cross-platform surveillance.
Given the scale of the law enforcement response and the seizure of the original infrastructure, the upcoming relaunch announcement has triggered widespread skepticism. It is speculated that the new domain may be a fraudulent clone, a scam designed to phish would-be cybercriminals, or even a law enforcement honeypot intended to identify and monitor re-offending users. CyberInsider cannot, at this point, verify any of these claims.
At this time, there is no confirmation of who controls the new domain or whether the entity posting as “Jaw” is truly unaffiliated with the arrested admins.
Leave a Reply