US Sanctions on a Ransomware VPN Took Telegram's t.me Domain Offline for 24 Hours

The sanctions listing included one Telegram group URL. The registry suspended the entire t.me domain instead.

Saganote
Saganote ·
3 Min Read

Telegram's t.me shortlink domain went offline for roughly 24 hours Monday after the US Treasury's Office of Foreign Assets Control sanctioned First VPN - a provider the FBI says was used by at least 25 ransomware groups. OFAC's sanctions listing included a full t.me URL pointing to the VPN provider's public Telegram group. DomainME, the Montenegro-based registry that manages the .me top-level domain, placed t.me on serverHold to comply with the sanctions filing. Every Telegram invite link, channel preview, and shared message URL using t.me stopped resolving worldwide. Telegram's core messaging was unaffected throughout.

Predrag Lešić, the chief executive of DomainME, confirmed the cause and resolution to TechCrunch: "The t.me domain is back online. We will be issuing an official statement shortly." In a public post responding to Telegram founder Pavel Durov, DomainME said t.me was "on hold due to OFAC compliance, but it is back online now." Durov had posted on X that t.me links had "stopped working" without knowing the reason at the time.

Why the Whole Domain Went Down for One Flagged URL

OFAC's sanctions listing named the full address of First VPN's Telegram group - one specific URL, not the t.me domain itself. DomainME suspended the entire t.me domain rather than blocking only that address. A serverHold is a registry-level status, not a registrar-level one - meaning neither Telegram nor GoDaddy could lift it. Only DomainME could reverse it, and it did so once it resolved the compliance question. US companies that fail to comply with OFAC sanctions face heavy fines, which explains the aggressive response.

A separate Telegram domain, telegram.me, was not listed in the sanctions file and stayed operational throughout the outage. Developers who hardcoded t.me links in bots, apps, or documentation found those links broken for the duration. Security researchers tracking supply chain risk have long flagged that dependency on third-party shortlink infrastructure introduces outage vectors that operators cannot control - Monday's incident is the clearest example of that failure mode at scale.

First VPN Was Shut Down in May - OFAC Made It Formal Monday

Law enforcement shut down First VPN in May 2026 after connecting the service to two dozen ransomware operations. Monday's OFAC action formally designated the provider as a sanctions target, adding it to the blocked list that US companies must screen against. VPN providers operating in legal gray zones face the same designation risk - any VPN whose infrastructure gets named in a sanctions filing can pull down adjacent services that share a domain registration, a hosting provider, or in this case a URL shortener.

Neither OFAC, DomainME, nor Telegram has explained why the registry suspended the full t.me domain rather than the single flagged URL. DomainME's statement to TechCrunch said an official explanation is coming. For now, t.me resolves normally, and Telegram has not commented.


Share this
Previous
Google Images Turns 25 With a Pinterest-Style Redesign and Nano Banana Image Generation in Search

Google Images Turns 25 With a Pinterest-Style Redesign and Nano Banana Image Generation in Search

Jul 14, 2026

Saganote

About Author

Saganote

Saganote is an independent technology publication covering artificial intelligence, startups, cybersecurity, consumer technology, science, and innovation. Our editorial team reports on the companies, products, and ideas shaping the future.