Instagram Down Outage Claimed on Dark Web by “ANONYMOUS HOTZ /// APT”
TraceX Labs, an Indian cybersecurity and threat intelligence company, has identified a dark web portal where a threat actor group calling itself “ANONYMOUS HOTZ /// APT” is claiming responsibility...
TraceX Labs, an Indian cybersecurity and threat intelligence company, has identified a dark web portal where a threat actor group calling itself “ANONYMOUS HOTZ /// APT” is claiming responsibility for the recent global Instagram and Facebook outage that affected millions of users worldwide.
Table Of Content
The dark web page appeared shortly after users began reporting widespread problems accessing Instagram and Facebook services on June 12, 2026. During the outage, users experienced login failures, mobile app crashes, feed refresh issues, and web service errors across multiple countries.
The hidden service identified by TraceX Labs is hosted on the Tor network and primarily loads in Chinese language by default, while also providing an English translation option.
Dark web onion link identified during the investigation:
http://snicftgczh2ykx63skfevccrjrnmzbsqtje3zfdmgoruggm6psqnkpid.onion/
Threat Actor Claims DDoS Attack Against Meta
According to translated content reviewed by TraceX Labs researchers, the actor claims to have carried out a Distributed Denial-of-Service (DDoS) attack targeting Meta Platforms infrastructure.
The page states:
“On 12 June 2026, we executed a Distributed Denial of Service (DDoS) attack against Meta Platforms global infrastructure.”
The portal further claims that Instagram and Facebook services were “taken offline globally,” resulting in mobile application crashes and service disruptions lasting more than six hours.
$100,000 USDT Ransom Demand
The dark web page contains a ransom demand of $100,000 USD payable in USDT (TRC20) cryptocurrency.
Wallet address displayed on the portal:
TKjqghf5aYdnpE4ZXFexZd1HYRrYC1EVXa
The threat actor warns that another larger attack will allegedly occur within 30 days if payment is not made.
One message displayed on the page reads:
“Failure to pay equals permanent Meta takedown.”
Another section threatens:
“Next attack: Full infrastructure collapse | 14+ days offline | Complete service destruction.”
The site also warns that any attempt to block the wallet address, initiate legal action, or perform countermeasures would trigger “immediate retaliation.”
Key Findings from TraceX Labs Investigation
| Item | Detail |
|---|---|
| Investigating organization | TraceX Labs |
| Country | India |
| Threat actor alias | ANONYMOUS HOTZ /// APT |
| Portal language | Chinese by default with English translation |
| Claimed attack | DDoS on Meta infrastructure |
| Claimed affected platforms | Instagram and Facebook |
| Claimed outage duration | 6+ hours |
| Ransom amount | $100,000 USDT (TRC20) |
| Wallet address | TKjqghf5aYdnpE4ZXFexZd1HYRrYC1EVXa |
| Onion link | http://snicftgczh2ykx63skfevccrjrnmzbsqtje3zfdmgoruggm6psqnkpid.onion/ |
| Technical proof provided | None identified |
No Technical Evidence Confirmed Yet
Although the Instagram and Facebook outage itself was real and widely reported, TraceX Labs states that there is currently no verified technical evidence proving that the outage was caused by the threat actor behind the dark web portal.
At the time of publication:
- Meta has not confirmed any cyberattack.
- No forensic indicators linking the outage to a DDoS attack have been publicly released.
- No attack infrastructure details or proof-of-compromise evidence have been shared by the actor.
Cybersecurity researchers believe the outage may also have been caused by internal infrastructure failures, routing problems, or configuration-related technical issues rather than malicious external activity.
Meta Yet to Release Official Root Cause
Meta acknowledged the service disruption publicly and confirmed restoration efforts were underway. However, the company has not commented on the dark web claims identified by TraceX Labs.
No official root cause analysis has yet been published.
TraceX Labs Advisory
TraceX Labs advises the public and media organizations to avoid treating unverified dark web claims as confirmed facts without technical evidence.
The company recommends:
- Do not engage with extortion demands or cryptocurrency wallets.
- Wait for official technical investigations before attributing outages to cyberattacks.
- Exercise caution while accessing Tor hidden services and dark web infrastructure.
- Monitor verified cybersecurity intelligence updates for further developments.
Conclusion
At present, the claims made by “ANONYMOUS HOTZ /// APT” remain unverified. While the timing of the dark web post coincides with the global Instagram and Facebook outage, there is currently no confirmed evidence proving the actor was responsible for the disruption.
TraceX Labs continues to monitor the dark web portal, associated cryptocurrency activity, and emerging threat intelligence related to the incident.
About TraceX Labs:
TraceX Labs is an Indian cybersecurity and threat intelligence company specializing in malware analysis, dark web intelligence, cyber investigations, AI-powered security research, and digital threat monitoring.
