A US sanctions action against a rogue VPN knocked out Telegram's shortlinks for nearly a day — not because Telegram did anything wrong, but because its domain was collateral damage.
On July 13, the Treasury Department's Office of Foreign Assets Control sanctioned the operators of First VPN Service, a proxy network that actively marketed itself to ransomware gangs and had already been shut down by European law enforcement in May. OFAC published a list of infrastructure tied to 1VPNS, and buried in that list was a single Telegram support channel: t.me/FirstVPNService. Domain registries are legally required to act fast on OFAC lists, but there's a catch — a registry can't surgically remove one channel path from a domain. Identity Digital, which manages the .me top-level domain backend, confirmed that Domain.Me applied a "serverHold" to the entire t.me domain, wiping it from global DNS. The outage lasted roughly 19 hours. Core Telegram app functions stayed up, and the older telegram.me domain kept working, but every shortlink — group invites, profile shares, channel links — went dark for an estimated billion users.
The fix required Telegram CEO Pavel Durov to publicly prod the registrar on X before anyone connected the dots. Once Telegram scrubbed the offending channel and confirmed compliance, Domain.Me lifted the hold. What the incident actually demonstrates is an architectural fragility hiding in plain sight: a single URL on a government list can cascade into a platform-wide outage because DNS was never designed to make surgical cuts. Telegram isn't the first platform to get caught in sanctions crossfire, but the scale here — a billion users, 19 hours — sets a new benchmark for collateral damage.
Sanctions compliance and internet infrastructure have been on a collision course for years; this week they finally collided.