On July 13, 2026, Telegram’s t.me short-link domain went dark worldwide after the .me registry placed it on serverHold, a registry-level status that neither Telegram nor GoDaddy could reverse.
Quick Summary – TLDR:
- Telegram’s t.me domain carried eight WHOIS status flags, including serverHold, clientDeleteProhibited, and serverDeleteProhibited, per a registry update logged the same day.
- Telegram founder Pavel Durov posted on X asking the .me registry to look into t.me’s broken links, without advance notice of the suspension.
- WHOIS records show the domain has been registered since 2010 and is not due to expire until 2035-05-20, ruling out an expired registration as the cause.
- The suspension landed the same day OFAC added First VPN Service to its sanctions list, naming t.me/FirstVPNService among its listed web addresses, according to OFAC’s sanctions list. An FBI notice on the service said it had reportedly been used by at least 25 ransomware groups.
- Telegram redirected new link generation to the telegram.me domain while independent outage trackers logged no disruption to the core messaging app, leaving the failure isolated to the shortlink layer.
What Happened?
WHOIS and RDAP records for t.me began showing the serverHold flag, with an update timestamp of 2026-07-13T19:24:55Z. serverHold is an EPP (domain-registry protocol) status that only the .me registry, operated by Identity Digital, can apply, and it takes precedence over any registrar or DNS provider setting.
Durov noticed the issue and posted on X, tagging the .me registry directly:
Hey @domainME, https://t.co/9z6UC2o37U links stopped working. Can you look into it? 🙏
— Pavel Durov (@durov) July 14, 2026
There was no official explanation from Telegram or the .me registry at the time of his post.
The blackout reached every layer of Telegram’s public footprint. Invite links, channel previews, and shared message URLs all stopped resolving, while independent outage trackers logged no disruption to Telegram’s core messaging service. The isolation held to the shortlink layer, not the app itself.
How a Registry Hold Beats Every Safeguard?
The domain remained registered through GoDaddy, and its name servers still pointed to Google’s cloud infrastructure, evidence the delegation itself stayed intact while the registry overrode resolution from a level above it. The clientDeleteProhibited and serverDeleteProhibited flags rule out an accidental deletion, and the far-off 2035 expiry already rules out a lapsed renewal.
This differs from a registrar-applied clientHold. clientHold is typically used for issues like unverified contact details, whereas serverHold is reserved for registry-level actions such as fraud investigations, security concerns, legal disputes, or abuse flags. A single registry decision, not a hack or a misconfiguration, pulled every t.me link offline at once.
The OFAC Sanctions Link
First VPN Service, the sanctioned operator, is based in Dnipro, Ukraine, and OFAC’s designation lists cryptocurrency addresses across multiple chains alongside its web domains and an email address.
The sanctions update was published the same day the registry’s own log shows t.me’s status last changed, but neither OFAC, Identity Digital, nor Telegram has confirmed a direct link between the sanctions designation and the domain suspension. That shared date is the strongest evidence offered so far, and it is circumstantial.
Implications for Domain-Dependent Platforms
The mechanism matters more than the cause. The .me registry and Telegram operated under a long-running partnership that made t.me the platform’s shortlink domain of record, a dependency few competitors would flag as a single point of failure until it broke.
It is not Telegram’s first brush with a government adjacent chokepoint this year. India’s central government temporarily blocked Telegram in June over its alleged use by organized cheating networks tied to a national medical entrance exam, a restriction Telegram challenged in the Delhi High Court. The throughline: a government-adjacent lever can now decide whether a platform’s links resolve at all, without touching a single server the platform controls.
SQ Magazine’s Takeaway
A registry level serverHold is not a hack or a bug. It is a lever only the registry can pull, above anything a platform, registrar, or cloud DNS provider controls. Restoring a registry level hold typically takes anywhere from hours to several days once the underlying concern is resolved, which means the same structural gap could reopen the next time a sanctions list, a legal dispute, or an administrative error touches the .me registry.
Teams leaning on a single short-link domain should treat this as a live case study. Auditing critical-domain dependencies and monitoring EPP status codes can help reduce the risk of a similar outage. Watch for confirmation tying First VPN Service to the registry hold.