- The US Treasury Department sanctioned First VPN Service for aiding ransomware gangs
- In compliance with the sanctions, the .ME registry mistakenly suspended Telegram’s entire t.me domain
- The domain was restored about 19 hours later after Telegram CEO Pavel Durov reported the issue online
If you clicked on a Telegram link on Monday and stared at a blank screen, you weren’t alone. Every card link starting with ‘t.me’ suddenly disappeared from the global internet, breaking group invites, profile shares and channel links for around a billion users worldwide.
But the outage was not caused by a technical error or a targeted cyber attack. Instead, it was the unintended collateral damage of a US government crackdown on a cybercriminal proxy network.
On July 13, the US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the administrators of a rogue proxy network called First VPN Service (1VPNS), aimed at cutting off infrastructure used by ransomware operators.
While everyone shopping for the best VPN expects privacy, First VPN actively courted cybercriminals with promises of total anonymity, leading European law enforcement to pull the plug on the service earlier in May.
As part of the new sanctions, the US Treasury Department published a list of URLs associated with the VPN. Buried in the list was a link to First VPN’s public Telegram support channel: t.me/FirstVPNService.
A sledgehammer for cracking a nut
Because TLDs operate under strict international compliance rules, domain registrars must act quickly when sanctioned entities use their infrastructure.
Identity Digital, the company that manages the technical backend for the .me domain, confirmed that the t.me domain had been blocked at the request of OFAC.
But because a domain registry can’t selectively disable a specific webpage or channel path — like a single Telegram group — Montenegro-based registry Domain.Me applied a “serverHold” status to Telegram’s entire t.me domain.
This sweeping action effectively deleted the domain from the global Domain Name System (DNS). The core Telegram app continued to function and the legacy telegram.me domain remained active, but the short links on which the messaging platform is built went completely dark.
The quick resolution
The sudden shutdown prompted immediate action from Telegram’s management.
Unaware of backend domain teams, Telegram CEO Pavel Durov took to X to publicly ask the registrar for an explanation: “Hey @domainME, t.me links stopped working. Can you look into it?”
Hi @domainME, links stopped working. Can you look at it? 🙏14 July 2026
Once the sanction issue was identified, Telegram scrubbed the offending channels from its platform. The registry operator subsequently verified compliance and brought the domain back online.
“On July 13, 1VPNS was included as a sanctioned entity by the US Treasury Department. A Telegram channel using the t.me domain was among 1VPNS-identified infrastructures. Therefore, the t.me domain was suspended,” domain.Me confirmed in a statement after the interruption.
The registrar clarified that normal service resumed approximately a day later after Telegram confirmed that it had removed its links and affiliations with 1VPNS. “We appreciate Telegram’s prompt cooperation in resolving this matter,” domain.Me added.
While the outage has now been resolved, the incident highlights a glaring vulnerability in the modern web, where a single web address swept up on a government sanctions list can inadvertently shut down a vital communication channel for millions.



