TraceX Labs Uncovers Dark Web Threat Group Demanding $100,000 Ransom for Meta Outage
The Dark Web Intelligence Team at TraceX Labs, a cybersecurity firm based in India, has identified a dark web portal operated by a group calling itself “ANONYMOUS HOTZ /// APT.” This group claims responsibility for a significant global outage affecting Meta platforms, including Facebook and Instagram, which raises serious concerns about the security of major digital infrastructures and the potential for cyber extortion.
TraceX Labs’ investigation found that the portal predominantly features content in Chinese, with an option for English translation accessible through a language switch labeled “切换英文 / ENGLISH.” The onion service linked to this threat actor can be accessed via this link.
Chinese-Language Threat Message Observed
The homepage of the dark web portal displays multiple warnings and extortion messages in Chinese. Translations provided by TraceX Labs indicate that the group claims to have executed a Distributed Denial-of-Service (DDoS) attack against Meta’s infrastructure on June 12, 2026. The translated message states:
“On 12 June 2026, we executed a Distributed Denial of Service (DDoS) attack against Meta Platforms global infrastructure.”
The portal further alleges that this attack caused Instagram and Facebook services to go offline globally, resulting in mobile application crashes and widespread disruptions lasting over six hours.
Ransom Demand and Threats
The dark web portal includes a ransom demand of $100,000 USD, payable in USDT (TRC20) cryptocurrency. A wallet address and QR code for payment are prominently displayed on the page.
Wallet address displayed:
TKjqghf5aYdnpE4ZXFexZd1HYRrYC1EVXa
The site contains aggressive statements threatening another attack within 30 days if the ransom is not paid. One translated section warns:
“Failure to pay equals permanent Meta takedown.”
Another threat claims the next attack would involve:
“Full infrastructure collapse | 14+ days offline | Complete service destruction.”
The portal also threatens retaliation against any legal actions, wallet blacklisting, or countermeasures.
Key Findings from TraceX Labs Investigation
| Item | Detail |
|---|---|
| Investigating organization | TraceX Labs |
| Country | India |
| Threat actor alias | ANONYMOUS HOTZ /// APT |
| Portal default language | Chinese |
| English translation available | Yes |
| Claimed attack | DDoS on Meta infrastructure |
| Claimed affected platforms | Facebook and Instagram |
| Claimed outage duration | 6+ hours |
| Ransom amount | $100,000 USDT (TRC20) |
| Wallet address | TKjqghf5aYdnpE4ZXFexZd1HYRrYC1EVXa |
| Onion link | Onion link |
| Technical proof shared | None identified |
TraceX Labs Assessment
While the outage experienced by Meta was significant and widely reported, TraceX Labs emphasizes that there is currently no verified technical evidence linking the dark web actor to the disruption. The language used on the portal resembles fear-based extortion tactics often seen in ransomware and intimidation campaigns prevalent in the dark web.
At the time of publication, the following points were noted:
- Meta has not confirmed any cyberattack.
- No forensic evidence connecting the outage to the threat actor has been publicly released.
- No technical indicators, logs, or proof-of-attack data have been provided by the group.
Cybersecurity analysts suggest that the outage may have resulted from infrastructure issues, routing problems, or configuration failures rather than an external cyberattack.
Meta Yet to Confirm Cause
Meta has publicly acknowledged the service disruption and confirmed that restoration efforts were underway. However, the company has yet to comment on the claims made by the dark web group identified by TraceX Labs. No official root cause analysis has been published as of now.
Advisory from TraceX Labs
TraceX Labs advises the public and media organizations to approach such dark web claims with caution until they are independently verified through technical investigation. The company recommends:
- Avoiding engagement with extortion demands or cryptocurrency wallets.
- Not assuming the legitimacy of responsibility claims without evidence.
- Monitoring verified threat intelligence updates.
- Exercising caution when accessing Tor hidden services and dark web infrastructure.
Currently, the claims made by “ANONYMOUS HOTZ /// APT” remain unverified. Although the timing of the dark web post aligns with the Meta outage, there is no confirmed evidence that the outage was caused by a DDoS attack or by the threat actor behind the portal.
TraceX Labs continues to monitor the hidden service, associated cryptocurrency activity, and any emerging threat intelligence related to this incident.
For ongoing coverage and breaking updates, visit our Latest News section.
Published on 2026-06-13 10:01:00 • By the Editorial Desk
