Criminals in Retreat: Telegram’s Crackdown Forces Cybercrooks to Flee

For years, Telegram was the digital Wild West for cybercriminals: a bustling hub where illicit deals, stolen data, and hacking services flourished with little interference. But recent investigations reveal the tide is turning - Telegram’s days as the “go-to” underground platform are numbered, and the criminal exodus is already underway.

The Fall of a Cybercrime Haven

According to a new report from Kaspersky Lab, Telegram’s reputation as a safe harbor for cybercriminals is eroding fast. Analysts tracked hundreds of illicit channels and found that intensified moderation is pushing underground operators out of the platform. Although Telegram’s user-friendly bots and persistent file hosting once made it an attractive base for everything from stolen data sales to phishing kits, these same features are now under scrutiny.

Telegram, unlike some dedicated secure messengers, does not enable end-to-end encryption by default. Its centralized infrastructure and closed server code mean that users - especially those engaged in illegal activity - face a growing risk of exposure and de-anonymization. While these privacy gaps may not alarm regular users, they are dealbreakers for cybercriminals, who now openly discuss banning Telegram for “work” on dark web forums.

Underground Channels Under Fire

The study highlights that Telegram’s underground channels have an average lifespan of about seven months, with a noticeable increase in median survival time since 2021. This doesn’t mean the crackdown is easing - block rates remain high, with peaks in 2022 due to hacktivist activity and consistently elevated levels into mid-2025. Criminals attempt to adapt by frequently changing channels, posting innocuous messages, and adding disclaimers, but these measures generally fail to prevent bans.

High-profile groups are already packing their bags. Notably, BFRepo - nearly 9,000 members strong - migrated to the decentralized messenger SimpleX after repeated shutdowns on Telegram. Angel Drainer, another notorious collective, took things further by launching their own private messaging app, urging users to abandon Telegram entirely.

The Next Frontier for Cybercrime

Kaspersky’s researchers warn that the exodus from Telegram isn’t reducing the overall cybercrime threat. Instead, criminal communities are dispersing across new platforms, including decentralized messengers and custom-built tools. Cybersecurity professionals are advised to follow the migration, updating their monitoring and intelligence-gathering tactics to keep pace with shifting criminal infrastructure.