Operation Soyclipse - 4chan Hacked April 2025.

by DD

April 18, 2025

On April 14, 2025, the controversial imageboard website 4chan.org experienced a significant breach of its security. This hack has raised concerns about the site's operational integrity and the ramifications for its moderation team, while also shedding light on troubling vulnerabilities within the website's underlying codebase.

4chan is an imageboard website launched in 2003, primarily known for its anonymity and a diverse range of topic-centric boards. Each board hosts discussions and posts on subjects from anime and technology to politics and random topics. Given its unfiltered and open nature, 4chan has cultivated a unique subculture that features both creative and controversial content, often sparking heated debates and criticism. The site operates with minimal moderation, relying on volunteer moderators, colloquially known as "janitors," to enforce community guidelines. Over the years, 4chan has gained a notorious reputation for hosting content that can be offensive, inflammatory, or illegal.

The breach at 4chan resulted in the exposure of crucial data regarding the site's moderation processes and the registration details of its moderation team. Unlike many data breaches that focus on user data, this hack appears to be driven by a specific vendetta against 4chan's moderation team, with the hackers showing little interest in exposing personal information about typical users.

The leaked data from the hack poses a significant threat to 4chan's janitors and moderation team, who could potentially face doxxing and harassment from angry members of the imageboard scene.

In addition to leaking moderation details, the hackers disclosed the site's PHP source code, which indicates that 4chan's codebase is not only outdated, but also poorly maintained. These leaks raise concerns about additional vulnerabilities that may be lurking in the code, potentially enabling further exploits.

The hack is believed to have been conducted by members of soyjak.party, an alternative imageboard that was originally created as a joke. It was not intended to compete with 4chan but rather emerged as a platform for users seeking a different kind of community.

Following the closure of the /qa/ board on 4chan, many former members left the site and migrated to soyjak.party as a form of protest against 4chan’s decision to remove the board.

The attackers re-opened the /qa/ board on 4chan and added a message stating "/QA/ RETURNS. SOYJAK.PARTY WON. #PACKWATCH," accompanied by animated GIFs of Hatsune Miku dancing to "Night of Knights" by COOL&CREATE.

The method employed in the 4chan hack took advantage of a significant vulnerability related to file uploads. The attackers utilized a form that accepted PDF files but did not properly verify the type of file being uploaded. This oversight allowed them to upload malicious PostScript code instead of a legitimate PDF.

4chan relied on a very outdated version of Ghostscript from 2012 to generate thumbnail images for the uploaded files. During the thumbnail creation process, Ghostscript executed the malicious code contained within the PostScript file, which provided the hackers with their initial foothold into the site's infrastructure.

In the aftermath of the hack, 4chan voluntarily took its servers offline to prevent further attacks that might exploit knowledge gained from the leaked code. As of April 17, 2025, the site remains non-operational.

Additionally, the downtime has led to a noticeable influx of users migrating to alternate platforms and forums, as many from the 4chan user base seek other venues for discussion and engagement in the meantime.