Top 5 Hacker Forums on the Deep and Dark Web in 2022

Hacker forums are the global digital town square for cybercriminals. There you can find the trade of stolen data, software vulnerabilities, and even hacking tutorials. They also serve as a gateway for criminals, as some threat actors and hackers use them to commit cybercrime.

Hacking forums are typically used by new and professional hackers, as well as professional hacking and ransomware groups. It is for this reason that law enforcement and security agencies monitor these spaces to gain insightful information to investigate and prevent cybercrime. 

Yet at the same time, accessing and monitoring these forums is a challenging task, because hackers and forum owners are aware of the dangers of being surveilled and take different measures to protect and hide their identity.

Below we list the top five hacker forums and the type of threats you could find on them:

Launched: 2013, relaunched on September 2018
Main language: Russian 

XSS is a closed Russian hacker forum, which is considered to be one of the most popular and most professional Russian-speaking hacking forums. The name is an acronym for Cross-site scripting (XSS) which is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. 

The site was created and designed for the purpose of sharing information about exploits, zero-day vulnerabilities, malware, and network penetration. The main content that it hosts includes malware exploits, vulnerabilities, carding, access sales, and credential databases. XSS is well known in the cybercriminal scene and features discussions on illicit topics, mostly relating to hacking and financial fraud. The forum has additional sections and threads that are hidden and can only be accessed through paid membership for a premium account. The forum has also been used to recruit new members to malicious groups although recruitments never actually took place  directly on the forum.

The following post was published by Avoslocker ransomware group who were looking to recruit hackers to join their cybercrime activity:

Launched: March 2022
Main language: English

Shortly after the known and popular Raidforums was seized, one of its main leading and noticeable members, pompompurin, launched breached.co which was announced to be the official replacement to Raidforums. Raidforums’ users were naturally drawn to this site, as it provided the same information and its design resembles Raidforums. BreachedForums is a fertile ground for data breaches. Its “Databases” section maintains over 80 unique datasets containing over 1 billion records, with a total sum of over 20K users and more than 85K posts to date. The forum also consists of other sections such as Cracking, Marketplace, Tutorials and Scripts.

The following post was published by a BreachedForums member who shares a leak containing 120K email addresses and passwords of HackForums users, which is, as the name suggests, a rival hacker forum:

Hacking attacks on dark web forums has seen an upward trend as competition between different forums becomes fierce.  

Launched: February 2018
Main language: English

Dread is a Tor-based Reddit-like dark web forum, which came to popularity in 2018 after Reddit banned several darknet market discussion communities. It reached 12K users within three months since it launched.

Today, Dread is considered to be one of the most valuable forums as it features professional hacking posts and in-depth guides on hacking and software and carding. You can also find posts on illegal drugs, trade of stolen data, and general dark news such as announcements on the closure of major marketplace. It’s also known for the privacy it provides to its users. In addition to the hacking sections, Dread is also a popular platform for the discussions and trade of drugs. 

The following image shows a tutorial posted on Dread that shows how to test a malware on Microsoft Windows:

Launched: 2015
Main language: English

Nulled is one of the most active, known and valuable hacker forums, that boasts  4.5 million users and over 35 million posts.

The content we can find on it includes cracked programs, database dumps, stolen accounts, hacking tools and vulnerabilities, and hacking tutorials, which are posted on a daily basis. It was put in the media spotlight after it was hacked in 2016 and its databases, which included PayPal email addresses, emails of government domains, passwords, purchase records, and invoices, were leaked. Law enforcement took advantage of the breach to track hackers and cybercriminals who were registered on Nulled, but Nulled overcame the attack. Nulled is one of the largest known forums for various types of illicit content, ranging from leaks to pentesting and money-making scams.

The following image shows a threat actor who posted a cracked version of the gaming platform Vape.gg for download on Nulled:

Launched: April 2013
Main language: English

Cracked is a well known and important hacker forum with over 3 million users and more than 17 million posts. The posts run under different sections relating to cracking, hacking and coding, leaks, stolen and fake money, and marketplaces of illicit products such as malwares and vulnerabilities for sale.

In the next image you can see a cracked.io user posting leaked profiles from several platforms that were cracked, including ebulksms.com:

Although these are the top five hacker forums, we think it’s worth mentioning a sixth forum, which came closer behind the top five which is Exploit:

Launched: 2005
Main language: English, Russian

Exploit is another well established and known hacker forum which hosts discussions on different cybercriminal topics such as social engineering, security & vulnerabilities, social networks hacking, cryptography, malwares, programming for cracking. 

Exploit largely focuses on sharing exploits and vulnerabilities of computer systems, for hacking purposes, which is where its name originates from. It also functions as a marketplace where users can buy and sell digital illicit products such as malware, and various hacking and carding services. 

Currently, over 75K threat actors are active on Exploit with a total count of over $1 million posts they’ve written, in which they discussed and shared hacking-related information. 

In the following post, you can see a member of Exploit sharing an exploit to a CVE:

These hacker forums are just a few of the hundreds of dark web hacker forums we monitor here at Webz.io. In recent years, with the growing number of cyber and ransomware attacks, these forums have become more and more relevant to detect, preempt and mitigate hacking attacks, and data breaches. Monitoring these places also helps detecting malwares and vulnerabilities that can be used against enterprises and organizations.