A report by blockchain analytics firm Elliptic has exposed Xinbi Guarantee, a massive Chinese-language Telegram marketplace, as a central player in Southeast Asia’s pig butchering scams and other organized cyberfraud. The platform is also implicated in laundering stolen cryptocurrency linked to North Korean hackers.
According to Elliptic, Xinbi Guarantee has facilitated at least $8.4 billion in transactions since 2022, primarily in the USDT stablecoin, making it one of the largest illicit online marketplaces ever uncovered. The true volume is likely even higher, with transaction growth accelerating rapidly in late 2024.
The platform, which claims to be a Colorado-based investment company, was incorporated in August 2022 but was declared “delinquent” in January 2025 after failing to file required corporate paperwork. Despite its official front, Xinbi Guarantee is reportedly home to more than 200,000 users engaged in illegal activities ranging from financial fraud to human trafficking.

Background
Xinbi Guarantee vendors are grouped into nine categories, with four dedicated exclusively to money laundering services. Sellers openly advertise their ability to clean “dirty money” derived from scams like pig butchering. These services are often labeled as converting criminal proceeds into “white capital.”

Beyond financial laundering, the marketplace also offers illegal goods and services used by scam operators, including Starlink internet kits (frequently used in scam compounds), stolen personal data, fake identification documents, and even human trafficking services. Some vendors allegedly advertise surrogate mothers and egg donors, both of which are illegal under Chinese law, and there are reports of sex trafficking involving girls as young as 14.
Ties to North Korean Cybercrime
Elliptic also uncovered evidence that Xinbi Guarantee has been used to launder cryptocurrency stolen by North Korean hackers. In July 2024, North Korea-linked actors were behind a $235 million theft from Indian crypto exchange WazirX. On November 12, 2024, blockchain analysis showed $220,000 in stolen USDT from that hack was sent to addresses linked to Xinbi Guarantee in nine separate transactions.

These findings suggest that the platform is not just a regional cybercrime hub but key infrastructure for laundering proceeds from some of the world’s most sophisticated state-sponsored hacking operations.
Conclusion
Elliptic’s analysis reveals that Xinbi Guarantee’s transaction volumes vastly exceed those of first-generation darknet marketplaces like Silk Road and AlphaBay. The platform’s scale highlights a shift in the cybercriminal economy from drug trafficking to large-scale financial fraud and scams driven by social engineering and digital deception.
As regulatory and law enforcement agencies increase pressure on darknet operators, platforms like Xinbi Guarantee represent a new, harder-to-police frontier. Unlike traditional dark web marketplaces, Xinbi operates openly on Telegram, using encrypted communications and decentralized finance (DeFi) tools to move and obscure funds.
Telegram has now removed thousands of channels related to Xinbi Guarantee.
Source: hxxps[://]www[.]elliptic[.]co/blog/xinbi-guarantee