In a defiant return, the hacker forum Cracked—previously seized in a major FBI-led operation—has resurfaced under a new web address, Cracked[.]sh, announcing its comeback to a growing user base. The revived cybercrime platform has already logged 4.7 million users, 1 million threads, and over 36.24 million posts as of April 11, 2025.
FBI Operation Talent Seized Multiple Platforms Including Cracked
On January 29, 2025, the FBI conducted a coordinated international operation, Operation Talent, targeting several high-profile cybercriminal platforms:
- Cracked[.]io
- Nulled[.]to
- MySellIX[.]io
- StarkRDP[.]io
These platforms served as hubs for buying and selling stolen credentials, malware, and hacking tools. The seizure marked a significant hit to the underground cybercrime economy.
According to the FBI, Cracked and Nulled combined had over nine million users at the time of the raid. MySellIX was allegedly used by Cracked’s administrators for payment handling, while StarkRDP provided hosting services popular among cybercriminals.
Cracked Forum Resumes Operations Under New Admin “@Liars”
On April 11, the Cracked Staff Team posted a “Resumption of Service” notice at 6:01 p.m. ET, revealing the platform’s return and the appointment of a new administrator named @Liars.
“Dear Cracked Community,
As you all know, the 29.01.2025 has been a very dark day in our history. It took us some weeks to reflect on what had happened, how to move forward and especially when to move forward.
We want to thank everyone that was waiting patiently for the return of Cracked.”
The forum was restored using a January 25th backup, and updates were made to its “shoutbox” chat feature.
Data Security Measures and User Reassurance Post-Takedown
The Cracked team addressed concerns around data exposure during the FBI seizure. They claimed:
“To give you some Information regarding the seizure – our Server was encrypted and law enforcement is not able to review your posts, passwords or anything alike.”
However, they also acknowledged the risks of operating on the open web:
“Measures have been taken to prevent further seizures, but there isn’t a 100% guarantee – especially not in the clearweb.”
Users were advised to change passwords or delete private messages if concerned about data security.
Restoration of Purchases and New Payment System Incoming
For users who made purchases between January 25 and the January 29 seizure, the forum announced:
“Everyone that made a purchase after the 25th January can message @Liars with a proof of payment and we will add back the purchased upgrade or credits.”
They further confirmed that:
“A new payment system should be live within 1 week” and “every possible forum bug you may encounter will be fixed during the next days and weeks.”
Not the First: BreachForums’ Similar Saga
The reappearance of Cracked mirrors the volatile journey of another hacker forum, BreachForums, which has been shut down and revived multiple times since the 2023 arrest of its founder Conor Brian Fitzpatrick (aka Pompompurin).
- In June 2023, the forum returned under second-in-command Blaphomet.
- It was shut down again by the FBI in May 2024.
- Hacker group ShinyHunters allegedly took control in mid-2023, followed by a hack by rivals who published its database.
- In 2024, both ShinyHunters and a user named USDoD claimed control over a third version of the site.
As of now, BreachForums is operational, reportedly under ShinyHunters’ leadership.
Meanwhile, Fitzpatrick struck a deal with federal authorities in 2024, avoiding prison in exchange for 20 years of supervised release.
The resurgence of Cracked signals an ongoing tug-of-war between cybercriminal entities and law enforcement, with underground platforms continuously adapting to takedowns and evolving digital threats. Enterprise organizations must stay vigilant as these hacker forums persist, posing ongoing risks to corporate data security.
