Executive Summary

On June 16, 2025, Crypton.sh went completely offline following the unannounced physical seizure of its primary dedicated server by Icelandic authorities. The action was part of a U.S.-led international investigation into the darknet marketplace "Archetyp". The server was identified as one of at least two machines in Iceland that had been misused by individuals connected to that marketplace.

The outage lasted around 52 hours. Full service was restored on June 18, 2025, after rapid migration to a new anycast-backed infrastructure. No user messages were compromised: all content remains end-to-end encrypted and was never accessible to authorities or the hosting provider.

Root cause: Physical seizure under Icelandic court order R-319/2025 (collateral impact of third-party abuse).
Impact: 100% downtime from June 16 ~10:00 UTC to June 18 ~14:00 UTC (52 hours).
Resolution: Complete migration to anycast server network.

Incident Timeline

| Date/Time (UTC) | Event Description |
|---|---|
| June 11–13, 2025 | Archetyp Market taken down in multinational operation |
| June 16, 2025 (morning) | Server seized at [REDACTED DATACENTER] in Iceland (case R-319/2025). Service offline |
| June 16 ~10:00 | Monitoring alerts fire; outage confirmed |
| June 16 afternoon | Datacenter confirms physical seizure by authorities |
| June 17 08:41 | Formal inquiry sent to lead officer |
| June 17 afternoon | Officer replies: June 17 is Icelandic public holiday; details tomorrow |
| June 18 morning | Full explanation received + court order; forensic imaging in progress |
| June 18 ~14:00 | Migration to new anycast infrastructure complete; service fully restored |
| June 18 afternoon | Public blog post published; law enforcement transparency page launched |

What Happened

The service was running on a single high-performance dedicated server in Iceland. Despite Iceland’s strong privacy reputation, the country participates in international cybercrime task forces. After the Archetyp takedown, investigators traced activity to Iceland, obtained an initial identification order, and later obtained a second court order permitting full confiscation and forensic imaging of the machine (14 TB of disks). No advance notice was provided to Crypton.sh or the datacenter; this is standard in active investigations.

The service itself was never the primary target; it was affected because a negligible fraction of numbers had been abused by individuals linked to the marketplace.

Impact

  • 100% service unavailability for ~52 hours
  • Zero user data exposure or loss

Detection & Response

  • Automated health checks detected the outage within minutes
  • Datacenter confirmed seizure within ~2 hours
  • Monitoring channels activated; status page updated immediately
  • Parallel migration work began on June 16 while awaiting official details
  • Full context received June 18 morning → restoration completed same day

Resolution

All traffic and data were migrated from encrypted backups to a new anycast network with multiple upstream providers and geographically distributed nodes. Propagation was near-instant thanks to pre-configured low TTLs. The original server was returned to the datacenter on June 19 and decommissioned.
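The fast cutover above depended on TTLs that were already low before the incident. As an added illustration (not Crypton.sh's own tooling), the following check parses a BIND-style zone and flags address records whose effective TTL would delay a repoint; the 300-second budget, the record names and the sample zone are constructed assumptions.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"^(\d+)([smhdw]?)$", re.I)
CLASSES = {"IN", "CH", "HS"}
FAILOVER_TYPES = {"A", "AAAA", "CNAME"}  # records repointed during a migration

# Constructed sample zone (documentation names/addresses), not the service's real zone.
SAMPLE_ZONE = """\
$TTL 1h
@        IN  A     192.0.2.10
www  60  IN  A     192.0.2.10
api      IN  AAAA  2001:db8::10   ; inherits $TTL
     5m  IN  A     192.0.2.11     ; blank owner: same name as previous line
mail 1d  IN  MX    10 mx.example.net.
"""

def parse_ttl(token):
    """Return TTL in seconds for '300' or '5m', or None if token is not a TTL."""
    m = TTL_RE.match(token)
    return int(m.group(1)) * UNITS[(m.group(2) or "s").lower()] if m else None

def audit_zone(text, max_ttl=300):
    """Return [(owner, type, ttl_seconds)] for failover records with TTL > max_ttl."""
    default_ttl, owner, slow = None, "@", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$TTL":
            default_ttl = parse_ttl(fields[1])
            continue
        if fields[0].startswith("$"):             # other directives are ignored
            continue
        if not line[0].isspace():                 # owner present on this line
            owner = fields.pop(0)
        ttl = default_ttl
        # TTL and class are optional and may appear in either order.
        while fields and (fields[0].upper() in CLASSES or parse_ttl(fields[0]) is not None):
            tok = fields.pop(0)
            if tok.upper() not in CLASSES:
                ttl = parse_ttl(tok)
        rtype = fields[0].upper()
        # An unknown TTL (no $TTL, none on the record) is flagged as well.
        if rtype in FAILOVER_TYPES and (ttl is None or ttl > max_ttl):
            slow.append((owner, rtype, ttl))
    return slow
```

Running `audit_zone(SAMPLE_ZONE)` flags the apex `A` and the `api` `AAAA` record, both of which silently inherit the one-hour `$TTL`.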

Preventive Measures & Improvements Implemented

  1. Full migration to anycast network with multiple nodes and providers (target completion Q3 2025, already live in production).
  2. Direct integration of additional out-of-band host reachability and datacenter status monitoring.
  3. Explicit seizure-notification clauses added to all new and renewed hosting contracts where legally possible.
  4. Public Law Enforcement Information & Compliance page launched at Law Enforcement Information.
    This page now contains clear guidelines, contact details, and legal requirements for any future requests, significantly reducing the chance of unannounced physical actions by providing authorities an official, rapid cooperation channel.

The service is now dramatically more resilient to single-point physical seizures, and the new transparency page ensures law enforcement has a direct, documented path for any legitimate future needs, greatly lowering the risk of similar disruptions.

We sincerely apologize for the inconvenience caused and thank the community for their understanding during the restoration process.

Seizure Warrant: [PDF Link]