Site icon On DarkNet – Dark Web News and Analysis

An introduction to the five operational administrators of BreachForums, a dark web data breach forum, and their downfall fates

BreachForums is a hacker forum for exchanging and trading leaked data, accessible on both the dark web and the internet, where numerous cybercriminals use it to trade, sell, and purchase stolen data.

Since the establishment of the first version of the dark web data breach forum BreachForums in March 2022, "ODN" has reviewed that BreachForums has gone through five operational administrators (those at the Owner level with access to the database source code and other foundational infrastructure). This article will detail these five administrators and their fates.

First Administrator: Pompompurin, arrested by the FBI, later sentenced to 20 years of supervised release

After the well-known dark web data breach forum RaidForums was seized by the FBI in 2022, "Pompompurin" created a new forum named BreachForums (also known as Breached), which is the first version of BreachForums (BreachForums v1), and Pompompurin was the founder of BreachForums.

In March 2023, the founder of BreachForums, "Pompompurin," real identity Conor Brian Fitzpatrick from New York, was arrested by the FBI.

In January 2024, Pompompurin was sentenced to 20 years of supervised release in the Eastern District of Virginia, without prison time, but required to serve two years at home (with GPS tracking and mental health treatment), with the first year also banned from internet use.

Second Administrator: Baphomet, disappeared without a trace

After Pompompurin's arrest, an administrator named "Baphomet" took over the forum but shut it down, suspecting that the FBI had gained access to the infrastructure of BreachForums v1.

In June 2023, a few weeks after closing the first version, Baphomet announced a partnership with the hacker and data seller ShinyHunters to create the second version of BreachForums (BreachForums v2).

Due to concerns that the database of the first version was compromised by the FBI, the second version was a completely new forum without importing old data from the first version.

In May 2024, the second version of BreachForums was also seized by the FBI, with seizure banners featuring the forum profile images of administrators Baphomet and ShinyHunters, alongside the FBI taking control of the official BreachForums Telegram channel and other channels and groups owned by Baphomet.

Baphomet seems to have been arrested by the FBI, but there are no reports, leading some to speculate that he might be an undercover federal agent.

In summary, the second version of BreachForums' administrator, Baphomet, mysteriously vanished.

Third Administrator: ShinyHunters, announced retirement

After the FBI seizure of the second version, another administrator "ShinyHunters" took over the website, regaining access to the clearnet domain after a tug-of-war with the FBI, changed the dark web domain, and relaunched quickly (by late May 2024), referred to by this site (anwangxia.com) as the third version of BreachForums (BreachForums v3). ShinyHunters also disclosed that the previous administrator of BreachForums, Baphomet, had been arrested by law enforcement.

However, the third version operated for less than a month; since June 10, 2024, it has been inaccessible again, with ShinyHunters' Telegram and the new BreachForums Telegram channels and groups being deleted. Two days later, BreachForums became accessible again on both the dark web and the internet.

As issues arose with the operation of the third version, it became widely believed that BreachForums had turned into an FBI honeypot. At this point, ShinyHunters, tired of the pressure of running the notorious hacker forum, chose to retire, returning to the forum on June 14 to announce that it was now under the ownership of a threat actor named "Anastasia."

Fourth Administrator: Anastasia, disappeared without much presence

The nickname "Anastasia" is not familiar to outsiders, but a BreachForums user "earflaps" posted that Anastasia, also known as "Anastasia Belshaw," was a former administrator and a friend of Shiny, which is why he was given the title of Owner.

"earflaps" says many speculate Anastasia is either a stand-in for Shiny or a federal agent impersonating the original administrator Anastasia, as he neither speaks nor posts, essentially doing nothing on the forum.

The threat actor emo, who leaked the first version of the BreachForums database, claimed on their Telegram channel that Anastasia is actually the former administrator Hollow. At this moment, BreachForums is managed by three people: Anastasia, who replaced ShinyHunters but does nothing, and two moderators, Armadyl and WillyWonka.

According to "ODN" monitoring, although nominally led by Anastasia, the forum under his administration clearly lacked active management and vitality, remaining stagnant and passive, with most of the time being managed by moderator WillyWonka.

Fifth Administrator: IntelBroker, still in position

On August 15, 2024, BreachForums began to be managed by the infamous hacker "IntelBroker," marking the fifth administrator of the forum. Interestingly, some old moderators like "WillyWonka" chose to leave, even disabling their accounts.

IntelBroker is an individual (or criminal hacking group) active on the dark web, covering forums like XSS, BreachForums, and Exposed. They are a threat actor within the hacking collective "Cyber​​niggers," active in hacktivism and cybercrime, particularly as an Initial Access Broker (IAB), IntelBroker specializes in identifying and selling access to compromised systems, paving the way for various malicious activities.

At the same time, emo disclosed on their Telegram channel that IntelBroker is not only a homosexual pedophile but also an FBI informant. However, this could not be verified.

Recently, "IntelBroker" and "DuperTrooper" recorded a video where they win a BreachForums Minecraft server by duplicating items for payment, disrupting their game economy.

Exit mobile version