- US Treasury Sanctions First VPN Service for Helping Ransomware Gangs
- Complying with sanctions, the .ME registry mistakenly suspended the entire t.me domain from Telegram
- The domain was restored about 19 hours after Telegram CEO Pavel Durov flagged the issue online.
If you clicked on a Telegram link on Monday and stared at a blank screen, you weren’t alone. Every short link starting with ‘t.me’ suddenly disappeared from the global Internet, breaking group invites, profile shares, and channel links for approximately one billion users worldwide.
But the outage was not caused by a technical problem or a targeted cyberattack. Instead, it was the unintended collateral damage of a US government offensive against a cybercriminal proxy network.
On July 13, the Office of Foreign Assets Control (OFAC) of the US Department of the Treasury. sanctioned the administrators of a fraudulent proxy network called First VPN Service (1VPNS), with the goal of cutting off the infrastructure used by ransomware operators.
While anyone who buys the best VPN expects privacy, First VPN actively courted cybercriminals with promises of complete anonymity, prompting European authorities to take the service offline in early May.
As part of the new sanctions, the US Treasury published a list of web addresses associated with the VPN. Buried in that list was a link to First VPN’s public Telegram support channel: t.me/FirstVPNService.
A mallet to crack a nut
Because top-level domains operate under strict international compliance rules, domain registrars must act quickly when sanctioned entities use their infrastructure.
Identity Digital, the company that manages the technical backend of the .me domain, confirmed that the t.me domain had been blocked at the request of OFAC.
However, because a domain registry cannot selectively disable a specific web page or channel path, such as a single Telegram group, Montenegro-based registry Domain.Me applied a “serverHold” status to the entire Telegram t.me domain.
This radical action effectively deleted the domain from the global Domain Name System (DNS). The main Telegram app continued to function and the old telegram.me domain remained active, but the short links on which the messaging platform is based were shut down completely.
The quick resolution
The sudden shutdown prompted immediate action from Telegram leaders.
Pavel Durov, CEO of Telegram, is unaware of backend domain retention took to
Hello @dominioME, the links stopped working. Can you research it? 🙏July 14, 2026
Once the sanctions issue was identified, Telegram removed the offending channels from its platform. The registry operator subsequently verified compliance and brought the domain back online.
“On July 13, 1VPNS was listed as a sanctioned entity by the US Department of the Treasury. A Telegram channel using the t.me domain was among the infrastructure identified by 1VPNS. Consequently, the t.me domain was suspended,” domain.Me confirmed in a statement. after the blackout.
The registrar clarified that normal service resumed about a day later, after Telegram confirmed that it had removed its links and affiliations with 1VPNS. “We appreciate Telegram’s prompt cooperation in resolving this matter,” domain.Me added.
While the outage is now resolved, the incident highlights a glaring vulnerability in the modern web, where a single URL included on a government sanctions list can inadvertently silence an essential communication channel for millions.




