Since the cyberattack on March 4, the story surrounding YggTorrent has unfolded like a chaotic thriller. Within just a few days, the popular French torrent tracker announced its permanent shutdown, hinted at a comeback, and then disappeared again.
On March 12, 2026, the administrators posted a new message confirming that the project was officially over, this time without dramatic countdowns or cryptic quotes.
Here’s a recap of the strange sequence of events involving a ransomware demand, a massive data leak, a failed relaunch attempt, and accusations about the hacker’s identity.
March 4: Hack, Data Leak, and Site Shutdown
The situation began during the night of March 3–4, when a hacker using the alias Gr0lum claimed to have breached the infrastructure of YggTorrent.
Shortly after the intrusion, the attacker released a file archive called “YGGLeak”, describing the damage allegedly inflicted on the platform:
- destruction of several servers
- exfiltration of a database containing 6.6 million user accounts
- publication of the site’s source code
A few hours later, the main domain displayed a message announcing the permanent closure of the site.
The administrators later responded by publishing their own report on a website called gr0leak.fun, offering a different version of events. According to them, the attack started on March 2, when they received a ransom email requesting 300 XMR (Monero)—roughly €100,000.
The email reportedly came from gr0lum@proton.me.
Meanwhile, the hacker claimed the attack was meant as retaliation for alleged practices by the platform.
March 5: “YggTorrent Is Dead, YGG Is Coming”
Less than 24 hours after announcing the shutdown, the administrators made a surprising move.
The closure message on the main domain was replaced with a countdown timer and a cryptic announcement:
“YGGTORRENT IS DEAD. YGG IS COMING.”
The page also included a Russian sentence implying that it was “too early to bury them.”
The countdown pointed to March 16 at 21:00, suggesting a relaunch under a new name and new platform.
Later updates replaced the Russian phrase with a Latin quote from Horace:
“Non omnis moriar” — “I shall not entirely die.”
Behind the scenes, administrators claimed they had completely rebuilt the platform using the Django framework, replacing the aging CodeIgniter engine that had powered the tracker for over a decade.
However, the community never saw this new version.
The Alleged Sabotage of the New Site
According to the administrators’ report, the hacker didn’t stop after the initial breach.
They claim Gr0lum attempted to sabotage the relaunch by compiling a real ransomware sample that contained a call to:
ygg.guru/api/health
The attacker allegedly submitted the malware sample to multiple antivirus vendors.
The consequence was immediate:
- security tools flagged the ygg.guru domain as malicious
- Cloudflare blocked access to the site
- the domain registrar placed the domain on hold status
As a result, the new website was effectively shut down before it even launched.
It’s important to note that this version of events comes from the administrators. The hacker has not publicly responded to these specific accusations.
March 12: Final Shutdown and Hacker Identity Claims
On March 12, the administrators published another message on the original domain.
This time, the tone was definitive:
- the relaunch was canceled
- the domain names were put up for sale
- no future return was planned
The message also linked again to the gr0leak.fun dossier, where the team claims to have identified the hacker.
According to the document, Gr0lum may be a French developer using the GitHub alias @UwUDev.
The administrators claim they traced the identity through a GitHub tool designed to bypass YggTorrent protections. The tool’s author had previously argued with administrators on Discord in December 2025, after the tool was blocked.
One key piece of evidence cited is a GitHub repository called “ciao-ygg”, created on March 1, just days before the hack.
The repository reportedly contained:
- the IP address of a pre-production server
- an HMAC key extracted from the infrastructure
The repository was signed by UwUDev.
The Accused Developer Denies the Allegations
Following the publication of the report, @UwUDev responded publicly on Reddit, denying any involvement in the hack.
According to his explanation:
- the HMAC key found in his repository was sent to him by Gr0lum
- he was not responsible for the attack
- the administrators’ accusations are incorrect
At this stage, there is no independent confirmation supporting either side’s claims.
The situation remains highly disputed.
Is YggTorrent Really Gone?
It’s difficult to say with certainty.
Within just a week, the administrators:
- announced a permanent shutdown
- teased a relaunch
- confirmed another permanent closure
Even with a final signed message, some observers remain skeptical.
What seems certain is that the YggTorrent brand itself has been severely damaged. The hack exposed internal practices and fractured trust within the community.
However, history shows that torrent trackers rarely disappear forever. The same team could eventually return with a new project under a different name.
In the meantime, French torrent users still have alternatives. Several trackers remain active, and a site called ygg.gratis has reportedly mirrored the entire YggTorrent catalog since March 4, offering access without subscription limits.
And if you'd like to go a step further in supporting us, you can treat us to a virtual coffee ☕️. Thank you for your support ❤️!
We do not support or promote any form of piracy, copyright infringement, or illegal use of software, video content, or digital resources.
Any mention of third-party sites, tools, or platforms is purely for informational purposes. It is the responsibility of each reader to comply with the laws in their country, as well as the terms of use of the services mentioned.
We strongly encourage the use of legal, open-source, or official solutions in a responsible manner.
Comments