For roughly a day in mid-July, every t.me link on the planet simply stopped working. Channels, group invites, bots, mini-apps - billions of shared links went dead at once, while the Telegram app itself kept running as if nothing had happened. The cause turned out to be almost absurd: US sanctions against a criminal VPN service whose contact channel happened to live on t.me. One compliance decision by a small domain registry in Montenegro was enough to knock out a core piece of infrastructure for a platform with over a billion users.
What happened to t.me
On July 13, 2026, the US Treasury's Office of Foreign Assets Control (OFAC) sanctioned First VPN Service, a VPN operation built for cybercriminals, along with its administrator, Ukrainian national Dmytro Rashevskyi. The sanctions listing included the service's public Telegram channel - written out as a full t.me address.
The next day, DomainME, the registry that operates Montenegro's .me top-level domain, placed the entire t.me domain on serverHold. That status is applied at the registry level, above the registrar, the DNS provider and the domain owner: the domain is removed from the DNS zone entirely, so no lookup anywhere in the world can resolve it. Every t.me link died globally, regardless of Telegram's own flawless infrastructure.
The VPN service behind the sanctions
First VPN Service was no ordinary provider. According to the FBI, the service had operated since 2014, was advertised almost exclusively on criminal dark web forums, and was used by at least 25 ransomware groups, as well as botnet operators and fraudsters. It is the same operation whose infrastructure the FBI and Europol dismantled earlier this year - the OFAC listing was the financial follow-up to that takedown.
The irony is hard to miss: sanctions aimed at a service that gave cover to ransomware gangs ended up disabling a communication tool for a billion ordinary users. The criminals lost a Telegram channel; everyone else lost their links.
Durov found out from X
Telegram received no advance notice. Founder Pavel Durov learned about the cause from public posts and appealed to the registry directly on X: "Hey @domainME, t.me links stopped working. Can you look into it?" WHOIS records at the time showed the domain registered until 2035 - expiration was ruled out, and no official explanation existed for hours.
Users who knew the trick could simply replace t.me with telegram.me in any link - Telegram's alternate domain was not mentioned in the sanctions filing and kept working throughout the outage.
Resolution in about a day
The hold was lifted after Telegram confirmed it had removed links to the sanctioned VPN service from its platform. DomainME stated that it works closely with law enforcement "in accordance with applicable laws, including sanctions requirements" - in other words, the registry saw a t.me address in an OFAC filing and suspended the whole domain rather than risk a compliance violation. Total downtime: roughly 19 to 24 hours.
Why this case matters
This is a precedent with implications far beyond Telegram. The DNS system has a built-in kill switch that sits above platforms, hosting providers and even national governments: the registry of a country-code domain. Montenegro's registry - operating under US sanctions pressure - switched off the link infrastructure of the world's largest messaging platforms overnight, by accident, with no notification.
Telegram has already lived through state-level blocking, from India's nationwide ban that pushed millions toward predatory VPN apps to the ongoing legal siege of its founder in France. But those were deliberate acts by governments against a platform. The t.me incident shows something new: a platform's infrastructure can be collateral damage of a sanctions filing that has nothing to do with it.
For ordinary users, the lesson is about resilience. When a single DNS entry can erase billions of links, the tools that keep you connected regardless of DNS-level decisions become part of basic digital hygiene. A trustworthy VPN will not fix a serverHold - but in the growing list of scenarios where access to a platform is cut at the network level, whether by a state block or an overzealous intermediary, an encrypted tunnel remains the most reliable way to reach the services you rely on.