Inside the Chaos: Unmasking 4chan’s Hidden Power Structure After the 2025 Breach

We obtained access to the breached 4chan data via the Darkside platform, provided by District 4 Labs. In this article, we share our findings.

4chan is an anonymous imageboard launched in 2003, originally created as a space for sharing Japanese anime and manga content. Over time, it evolved into a chaotic and influential corner of the internet, known for its ephemeral posting style, minimal moderation, and role in shaping internet culture. Users can post without registering, leading to a raw and often controversial environment. While some boards focus on harmless hobbies, others - especially the politically charged /pol/ board and the controversial /b/ board - have been linked to the spread of extremist ideologies, misinformation, and organized trolling campaigns. On April 14, 2025, the notorious imageboard 4chan suffered a significant cyberattack that led to its temporary shutdown. The breach was allegedly orchestrated by members of the rival forum Soyjak.party, who claimed to have infiltrated 4chan's systems for over a year. They released screenshots of 4chan's administrative panels and leaked a list of emails purportedly belonging to the site’s administrators, moderators, and janitors.

In this report, the OSINord research team reveals the organizational structure of 4chan, uncovering its admins, manager, moderators, and janitors. OSINord had exclusive access to the investigative platform Darkside by District 4 Labs, which enabled the team to examine, analyze, and disseminate the leaked information following the hack.

How the Hack Occurred The attackers, operating under the moniker Operation Soyclipse, allegedly exploited vulnerabilities in 4chan's outdated infrastructure. They allegedly gained access to powerful administrative tools that allowed them to view user IP addresses, manage board content, and monitor site-wide statistics. In a notable act of defiance, the hackers reopened the previously defunct /qa/ board and defaced the site with messages announcing the breach.

As part of their access, the attackers also claimed to have compromised the account of Hiroyuki Nishimura, 4chan’s current owner. This level of access - evidenced by screenshots and leaked administrative tools - suggests a deep infiltration into the platform’s highest levels of control.

Motivations Behind the Attack While the exact motivations remain unclear, the attackers cited a desire to expose 4chan’s internal operations and staff identities. The breach may also have been driven by longstanding rivalries between online communities and an effort to highlight perceived security lapses within 4chan’s management.

Exposing the Hidden Organizational Structure Behind the Imageboard

The 4chan data breach exposed all registered email addresses, IP addresses, hashed passwords, usernames, and other related fields. Additionally, the roles of each individual associated with the data were revealed. At the time of the breach in April 2025, a total of 215 users were registered. The distribution of roles among these users is illustrated in the bar chart below.

As seen in the chart, janitors are the most common role within the organizational structure of 4chan, followed by moderators, administrators, and managers.

The above chart illustrates the organizational hierarchy of 4chan.

Registered e-mails

We examined the email providers used by moderators to register on 4chan. Many moderators use burner emails; however, their operational security (OPSEC) is often poor, as it was possible to correlate several moderators with their personal social media accounts.

No email addresses linked to government entities or major corporations were identified. However, a single .edu domain were present, indicating possible connections to academic institutions. Research has identified that the e-mail belong to a student.

Identification of leading admins

Investigations into the administrative structure of 4chan led to the identification of two individuals believed to hold administrative privileges on the platform. These findings were based on their associated email addresses and roles uncovered in the leaked data.

Hiroyuki Nishimura

Hiroyuki Nishimura is a wel-known Japanese internet entrepreneur, best known for founding the anonymous forum 2channel and for acquiring 4chan in 2015. Since taking over 4chan, he has largely remained behind the scenes, delegating day-to-day operations to key staff—most notably a senior moderator known as "RapeApe." While most moderators on 4chan are unpaid volunteers, RapeApe is one of the few confirmed to receive a salary, overseeing moderation policies and internal staff decisions. Under Nishimura’s ownership, 4chan has continued to influence internet culture while facing ongoing scrutiny for its lax moderation and controversial content.

2 unique e-mail addresses and 5 social media accounts was identified on Hiroyuki Nishimura.

Mr VacBob

We identified an individual known by the alias Mr. VacBob as one of the administrators on the platform. His role places him at the top tier of 4chan’s moderation hierarchy, with access to backend tools, board management functions, and oversight of both moderators and janitors. Evidence links Mr. VacBob to administrative actions, suggesting a long-standing and influential presence within 4chan’s operational structure.

Using OSINT Industries, Darkside by District 4 Labs, and other open-source intelligence methodologies and platforms, we were able to correlate Mr. VacBob to an individual residing in California.

We have chosen to anonymize Mr. VacBob’s identity due to ethical considerations.

Who is Mr. VacBob?

Our research identified 35 social media accounts associated with Mr. VacBob. Additionally, 9 unique email addresses and 6 passwords were uncovered. Mr. VacBob’s online activity reveals a strong interest in anime and cosplay, as evidenced by the images shown below.

Research into the leading manager – RapeApe

Under the ownership of Hiroyuki Nishimura and the management of RapeApe, 4chan has shifted toward a more radical and permissive environment - particularly on boards like /pol/. While Nishimura has taken a largely hands-off approach, delegating much of the platform's internal governance, RapeApe has reportedly played an active role in shaping moderation policies and staffing decisions.

Leaked logs and investigative reports suggest that RapeApe has promoted a lenient stance on extremist content, allowing hate speech, conspiracy theories, and politically extreme narratives to flourish. Former staff have accused him of removing moderators who attempted to enforce stricter content standards and of hiring those aligned with his more permissive views.

Together, Hiro and RapeApe's leadership has allowed 4chan to become a hub for far-right organizing, meme warfare, and ideological radicalization - helping fuel movements that have spilled over into real-world events, including violent attacks.

Research into the data breach revealed the following information on RapeApe. However, do to RapeApe’s strict OPSEC measures it was not possible to correlate him with certainty to personal social media accounts as of now. The below e-mail address was correlated to 3 platforms, including a New York Times account.

Conclusion

The 2025 4chan breach offered an unprecedented glimpse into the platform’s internal structure, revealing key staff roles, security vulnerabilities, and the operational dynamics behind one of the internet’s most controversial communities. Through careful OSINT investigation and analysis of the leaked data, we uncovered the organizational hierarchy - from administrators and managers to moderators and janitors - and linked several staff members to real-world identities.