Source: FreeBuf
Since 2022, a Telegram trading platform called 'Xinbi Guarantee' has facilitated transactions amounting to no less than $8.4 billion, becoming the second-largest black market platform exposed after Huiwang Guarantee. According to blockchain analysis firm Elliptic, merchants on this platform openly sell technical tools, personal data, and money laundering services.
'Tether (USDT) is the primary payment method, and this market has processed $8.4 billion in transactions to date,' the report states, 'some of the funds can be traced back to money stolen by North Korean hackers.'
One-stop Supply of Criminal Services
Similar to Huiwang, the Xinbi platform provides services for Southeast Asian scam groups, including criminal organizations that implement 'pig butchering' scams. This scam model has become one of the most profitable forms of cybercrime in recent years.
A significant characteristic of these criminal markets is their complete reliance on Telegram for operations, providing a full range of solutions from technical tools to money laundering services, achieving an industrial scale in online scams. According to Elliptic, Xinbi Guarantee has 233,000 users, and merchant services cover money laundering, Starlink satellite equipment, forged documents, and personal information databases used to target victims.
Some merchants even offer illegal services such as domestic stalking and intimidation, surrogacy intermediaries, and even sexual transactions, indicating that their criminal ecosystem far exceeds the realm of online scams.
Connection to North Korean Hackers
Elliptic specifically points out: 'The market is growing rapidly - it achieved a quarterly trading volume of over $1 billion for the first time in Q4 2024. The trading scale far exceeds that of the first generation of Tor-based dark web markets.'
Xinbi claims to be a 'Capital Investment Guarantee Group' registered in Colorado, USA, with the registrant being Mohd Shahrulnizam Bin Abd Manap. Records from the Colorado state government indicate that the company has been marked as 'non-compliant' for failing to submit periodic reports on time.
The investigation also found that after the Indian exchange WazirX was hacked in July last year, North Korea laundered stolen funds through the Xinbi and Huiwang platforms. On November 12, 2024, $220,000 USDT was transferred to a wallet address controlled by Xinbi.
Regulatory Crackdowns and Subsequent Impacts
In response, Telegram has shut down thousands of channels from the two platforms, dismantling the largest black market that has processed over $35 billion in USDT transactions.
Previously, the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN) had designated the Huiwang Group in Cambodia as a 'primary money laundering concern' to restrict its access to the U.S. financial system.
Reference Source:
Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
https://thehackernews.com/2025/05/xinbi-telegram-market-tied-to-84b-in.html