The Hack Forum “Cracked” is Back After an FBI Takedown

The hack forum Cracked.io is back online after an FBI takedown. Here’s what’s happening.

Preface

In early 2025, Europol announced that two of the largest hack forum in the world – Nulled.io and Cracked.io – have been taken down after a law enforcement operation dubbed “Operation Talent:”

One of the forums, Cracked, is back on its feet again.

What’s Nulled.io and Cracked.to?

Both Nulled.io and Cracked.to have been known as some of the hottest marketplaces for cybercriminals for years – the hacking forums were known in cybercriminal circles because of the fact that they’ve shared, sold and traded data breaches, sold hacking tools and malware, and facilitated discussions on cybercrime. According to Europol, the operation to take down the hack forum took place from 28 to 30 January and led to the arrest of two suspects (names of which haven’t yet been revealed), searches though 7 properties, the seizure of 17 servers and over 50 electronic devices, as well as the seizure of around 300,000 EUR in cash and cryptocurrency.

According to law enforcement officers, the operators of the hacking forums had made millions facilitating the trading, sharing, and sales of data breach data, as well as cybercrime discussions and other activities. Furthermore, it is alleged that these two forums had offered AI-based tools and scripts to automatically scan for security vulnerabilities and attack applications.

The Aftermath

That’s all great news – or so it may seem. According to sources online, Cracked.io – one of the websites that have been taken down – has been resurrected with a new address and is already acquiring users:

According to the staff behind the hack forum, January 29th, 2025 “has been a very dark day” in their history, but the operators of Cracked.to didn’t stand down and announced that a figure known as “Liars” is the new administrator of the forum located at Cracked.sh.

Another interesting detail is the fact that the administrators claim that their server was encrypted and thus, law enforcement is not able to review any posts, passwords, or anything like that, however, the administrators do acknowledge that not taken down on the clear web is next to impossible and advises people to change their passwords and delete their private messages if they are concerned about their privacy.

The forum seems to be operating as usual, again offering upgrades, forum credits, and even operating a shoutbox accessible to everyone:

Time will tell if the hack forum Cracked.sh will succumb to the boot of law enforcement, but for now, things are seemingly back to usual – the forum doesn’t yet boast its former user base though, which was alleged to have comprised around 10 million users in total.

How to Protect Yourself From the Activities of the Hack Forum?

The two forums have been a haven for cybercriminals for years – and Cracked.sh is unlikely to stand for long. However, Cracked.sh is still operating and still sharing sensitive data breach data, facilitating discussions related to cybercrime and data breaches and whatnot, and as such, it’s vital to know how best to protect ourselves from attacks stemming from such services. Make sure to:

1. Use a password manager and change your passwords frequently – password reuse is the primary reason of account takeover attacks.
2. Make use of data breach search engines and register for data breach notifications – data breach search engines like BreachDirectory.com can help you figure out whether your data has been stolen and shared on hack forum like Cracked.sh, Nulled.io, or Cracked.to, and if that’s the case, advise you what to do next.
3. Avoid using those kinds of forums in the first place – if you’re a researcher, it may be tempting to register on a hack forum or two, but keep in mind that everyone who registers on these kinds of websites will be potentially of interest to law enforcement. It is better to wait until the data breach data shared on those types of websites reach data breach search engines like BreachDirectory.com and keep checking their data breach listing than to put yourself and your computers or servers at risk of being infected, breached, or otherwise exploited.
4. If you’re a developer building applications, ensure that your code is free of security flaws – of course, that’s easier said than done, but attending conferences and workshops and especially reading books can help set you on the right path. Hacking MySQL: Breaking, Optimizing, and Securing MySQL for Your Use Case is a great place to start because it will not only walk you through how to protect the data inside your database from hacker attacks but also walk you through why your database performance might be faltering and how to fix that.

In other words, make use of data breach search engines, subscribe to data breach notifications, and develop secure applications after educating yourself on how they can be exploited.

Hopefully, you’ve found this blog to be insightful and interesting – until next time.

FAQ

What is the Hack Forum Cracked.to and Nulled.io and What are They Famous For?

The hack forum Cracked.to and Nulled.io were famous in the cybercriminal circles because of their operation as discussion forums combined with offering tools and infrastructure as a service for cybercriminals, as well as the sharing, swapping, and trading leaked data breaches containing data of millions of people.

According to Europol, these two hacking forums had close to 10 million users in total.

Is It Safe to Use a Hack Forum?

In general, it is ill-advised to use hack forum even for recreational purposes because the usage of hacking forums could put you in hot water with law enforcement in the long run.

How to Protect Myself From Data Breaches?

To protect yourself from data breaches, make good use of data breach search engines, register for data breach notifications, as well as read books like Hacking MySQL: Breaking, Optimizing, and Securing MySQL for Your Use Case to understand how your databases may be faltering and how to secure them.