Telegram shortlinks knocked offline over sanctioned VPN connection

nyku1 pts0 comments

Telegram shortlinks knocked offline over sanctioned VPN connection

Jump to main content

Search

REG AD

Security

Telegram shortlinks knocked offline over sanctioned VPN connection

t.me borked for a day until platform proved it had no ties to service favored by cybercriminals

Connor Jones

Connor<br>Jones

Cybersecurity reporter

Published<br>thu 16 Jul 2026 // 11:07 UTC

The operator of the .ME domain registry has confirmed that Telegram's t.me shortlinks stopped working for around a day while the messaging platform verified that links associated with a sanctioned VPN service had been removed.<br>The US Office of Foreign Assets Control (OFAC) designated First VPN Service (1VPNS) on July 13 for selling services to ransomware groups and other cybercriminals.<br>Shortly after, users across the app reported problems with t.me links, which Telegram uses to share links to channels, groups, and profiles.

REG AD

Founder and CEO Pavel Durov publicly asked the .ME domain registry to look into it and Domain.Me confirmed the issues were related to OFAC sanctions.

REG AD

"The .ME Registry works closely with law enforcement to monitor and mitigate issues across the .ME domain in accordance with applicable laws, including sanctions requirements," Domain.Me stated via X.<br>"On 13 July, 1VPNS was included as a sanctioned entity by the US Department of the Treasury. A Telegram channel using the t.me domain was among 1VPNS identified infrastructure. Accordingly, the t.me domain was suspended.<br>"On 14 July, Telegram provided confirmation that it had removed its links and affiliations with 1VPNS. Once the confirmation was reviewed and verified, the suspension was removed from the t.me domain.<br>"We appreciate Telegram's prompt cooperation in resolving this matter."<br>The registrar did not specify which Telegram channel or group was identified as 1VPNS infrastructure. However, given that the service ran its own Telegram channel/account, and that group had its own t.me link that was also included verbatim in OFAC's sanction announcement, it seems likely that this was the reason for the domain-wide disruption.<br>After European law enforcement agencies took 1VPNS's infrastructure offline in May, authorities said the service, whose administrator was based in Dnipro, Ukraine, had been used by at least 25 ransomware groups, including Avaddon, for network reconnaissance and intrusions.

MORE CONTEXT

EU and UK officially blame Russian spies for cyberattack on Poland's power grid

Hands off our VPNs, privacy groups tell UK ministers

Telegram founder accuses Meta of sabotaging access in India with BGP hijacks

Elon Musk's xAI pays $300M to born-in-Russia messaging app Telegram to push Grok

Edvardas Šileris, head of Europol's European Cybercrime Centre, said at the time: "For years, cybercriminals saw this VPN service as a gateway to anonymity. They believed it would keep them beyond the reach of law enforcement. This operation proves them wrong.<br>"Taking it offline removes a critical layer of protection that criminals depended on to operate, communicate, and evade law enforcement."

REG AD

According to the FBI, which supported the France and Netherlands-led takedown, 1VPNS was advertised almost exclusively on criminal dark web forums and used for activity beyond ransomware.<br>The service allegedly enabled scammers, botnet traffic, denial-of-service attacks, scanning operations, and more since it began operating around 2014.<br>OFAC designated 1VPNS and its administrator, Dmytro Rashevskyi, on Monday. It also sanctioned Yevgeniy Vladimirovich Silayev for selling cryptors – tools designed to disguise ransomware and other malware so they evade detection by security software.<br>The announcement of the sanctions stated that ransomware groups used both services, causing billions of dollars in losses to US businesses and critical infrastructure providers.<br>Gene Lange, senior counselor to the Secretary of the Treasury, who is also performing the duties of the Under Secretary for Terrorism and Financial Intelligence, said: "Under President Trump's leadership, Treasury is using every available tool to disrupt the cybercriminal ecosystem and protect the American people.<br>"We will continue targeting the actors who enable ransomware attacks against Americans and our critical infrastructure." ®

privacy<br>data protection<br>vpn<br>security

REG AD

software

EU forces Google to share its toys with the other AI and search kids

The Chocolate Factory is not amused

SOFTWARE

AI vendors have found someone to pay their infrastructure bills: You

Forrester warns price hikes and usage charges will pump up software budgets next year

Gobi X: Creating more energy for AI, not taking it from society

PARTNER CONTENT: How Envision is reversing the datacenter playbook by making computing chase abundant desert power, not the other way around

software

Kick your mouse out of the house with this AI-assisted keyboard utility

Neverclick avoids being limited to certain apps by ditching...

telegram domain service 1vpns sanctioned ransomware

Related Articles