- The US Treasury sanctioned First VPN Service for helping ransomware gangs
- In accordance with the sanctions, the .ME registry wrongly suspended the entire t.me domain from Telegram
- The domain was restored about 19 hours later after Telegram CEO Pavel Durov reported the problem online.
If you clicked on a Telegram link on Monday and looked at a blank screen, you weren’t alone. Every short link starting with “t.me” suddenly disappeared from the global Internet, disrupting group invitations, profile shares and channel links for around a billion users worldwide.
But the outage was not caused by a technical problem or a targeted cyberattack. Rather, it is the unintended collateral damage caused by the U.S. government’s crackdown on a cybercriminal proxy network.
On July 13, the US Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned the administrators of a malicious proxy network called First VPN Service (1VPNS), aimed at cutting off the infrastructure used by ransomware operators.
While anyone looking for the best VPN expects privacy, First VPN has actively courted cybercriminals by promising them complete anonymity, leading European law enforcement to shut down the service earlier in May.
As part of the new sanctions, the US Treasury published a list of web addresses associated with the VPN. Buried in that list was a link to First VPN’s public Telegram support channel: t.me/FirstVPNService.
A hammer to crack a nut
Because top-level domains operate under strict international compliance rules, domain registrars must act quickly when sanctioned entities use their infrastructure.
Identity Digital, the company managing the technical backend of the .me domain, confirmed that the t.me domain had been blocked at the request of OFAC.
However, because a domain registry cannot selectively disable a specific web page or channel path – such as a single Telegram group – the Montenegro-based Domain.Me registry has applied a “serverHold” status to the entire Telegram t.me domain.
This drastic action effectively wiped the domain from the global Domain Name System (DNS). The main Telegram app continued to work and the old telegram.me domain remained active, but the short links that the messaging platform relies on went completely dark.
The quick resolution
The sudden shutdown prompted Telegram management to take immediate action.
Unaware of backend domain ownership, Pavel Durov, CEO of Telegram took to X to publicly ask the registrar for an explanation: “Hey @domainME, the t.me links stopped working. Can you take a look?”
Hi @domainME, the links stopped working. Can you take a look? 🙏July 14, 2026
Once the sanctions issue was identified, Telegram removed the offending channels from its platform. The registry operator then verified compliance and brought the domain back online.
“On July 13, 1VPNS was included as a sanctioned entity by the US Treasury Department. A Telegram channel using the t.me domain was among the infrastructure identified by 1VPNS. As a result, the t.me domain was suspended,” domain.Me confirmed in a statement. following the breakdown.
The registrar said normal service resumed about a day later, after Telegram confirmed it had removed its links and affiliations with 1VPNS. “We appreciate Telegram’s prompt cooperation in resolving this issue,” domain.Me added.
Although the outage is now resolved, the incident highlights a glaring vulnerability in the modern web, where a single URL listed on a government sanctions list can inadvertently silence a critical communications channel for millions of people.




