Jul 18, 2026
Policy

Telegram t.me links restored after sanctions-related domain suspension

Domain.Me said Telegram’s t.me domain was suspended after OFAC tied a shortlink to sanctioned VPN service 1VPNS.

Renata Fuchs

By Renata Fuchs · Policy Reporter

· 3 min read

Telegram t.me links restored after sanctions-related domain suspension
Photo: The Register

Domain.Me, the operator of the .ME registry, said it temporarily suspended Telegram’s t.me domain after US sanctions identified a Telegram shortlink as infrastructure tied to First VPN Service, known as 1VPNS. The outage lasted around a day and disrupted links Telegram uses for channels, groups and user profiles, a reminder that platform distribution can depend on registry-level compliance decisions outside an app operator’s direct control.

The issue followed the US Office of Foreign Assets Control’s July 13 designation of 1VPNS, which the Treasury Department said sold services to ransomware groups and other cybercriminals. Telegram users reported failures with t.me links soon after, and Telegram founder and CEO Pavel Durov publicly asked the .ME registry to examine the problem.

Domain.Me said on X that it works with law enforcement and applies legal requirements, including sanctions rules, across .ME domains. According to the registry, a Telegram channel using t.me was listed among infrastructure associated with 1VPNS, which led to the suspension of the entire t.me domain.

The registry said Telegram confirmed on July 14 that it had removed its links and affiliations with 1VPNS. Domain.Me said the suspension was lifted after that confirmation was reviewed and verified. The company did not identify the specific Telegram channel or group that triggered the action.

OFAC’s sanctions notice included a t.me link for 1VPNS’s own Telegram account, which appears to be the relevant public link. Domain.Me has not said why a reference to one Telegram channel required domain-wide suspension rather than action against a narrower path or account. Telegram has not disclosed how many links or users were affected.

Sanctions followed a law-enforcement takedown

European authorities had already moved against 1VPNS before the US sanctions action. In May, law-enforcement agencies in Europe took the VPN service’s infrastructure offline. Authorities said the service was administered from Dnipro, Ukraine, and had been used by at least 25 ransomware groups, including Avaddon, for reconnaissance and network intrusions.

Edvardas Šileris, head of Europol’s European Cybercrime Centre, said at the time that criminals had treated the VPN as a route to anonymity and that removing it stripped away a layer of protection they had used to operate and avoid investigators.

The FBI, which supported the France and Netherlands-led operation, said 1VPNS was marketed almost entirely on criminal dark web forums. US authorities alleged the service had been used for more than ransomware, including scams, botnet traffic, denial-of-service attacks and scanning activity, and said it had operated since around 2014.

OFAC sanctioned 1VPNS and its administrator, Dmytro Rashevskyi, on Monday. It also sanctioned Yevgeniy Vladimirovich Silayev, who Treasury said sold cryptors, tools used to disguise ransomware and other malware from security software. Treasury said ransomware groups used both services and caused billions of dollars in losses to US businesses and critical infrastructure providers.

Gene Lange, senior counselor to the Treasury secretary and performing the duties of under secretary for terrorism and financial intelligence, said Treasury would keep targeting actors that enable ransomware attacks against Americans and critical infrastructure.

This story draws on original reporting from The Register.

More from Policy

All Policy →