Key Takeaways:
- Telegram removed multiple channels linked to Xinbi and Huione Guarantee.
- The takedown targeted groups operating in Chinese and Southeast Asian markets, where fraud networks have used stablecoins and encrypted messaging to coordinate scams.
- The operation showed Telegram’s growing role in cybercrime investigations.
Telegram recently made headlines by removing thousands of channels associated with the illicit **Chinese-language marketplaces** known as **Xinbi Guarantee** and **Huione Guarantee**. This significant **action** came in the wake of a detailed report by the blockchain analytics firm **Elliptic**, which uncovered alarming activities connected to these channels, including illicit transactions surpassing **$35 billion** that predominantly utilized **Tether (USDT)**, a widely used stablecoin.
Elliptic’s analysis indicates that since 2022, more than **$8.4 billion** in USDT has been funneled through **Xinbi**, while **Huione**, believed to have connections with Cambodia’s political elite, accounts for at least **$27 billion** in transactions. This marketplace is notorious for offering services that span **money laundering**, fake identification, personal data theft, and even **intimidation-for-hire** services.
How Xinbi and Huione Operate: Telegram, Stablecoins, and Illicit Services
Both **Xinbi Guarantee** and **Huione Guarantee** have effectively established themselves as **convenient** resources for cybercriminals aiming to launder stolen funds, conceal identities, or find new targets. They operate as comprehensive **marketplaces** on Telegram, leveraging the platform’s **encrypted messaging** and group-based architecture to facilitate substantial interactions between buyers and sellers.
Huione Guarantee first came to the attention of investigators in **July 2024** through Elliptic’s research, which revealed its wide range of offerings. These include databases of stolen personal information, fabrication of documents, and advanced tools for **money laundering**.
As part of the **Cambodia-based Huione Group**, Huione Guarantee is linked to criminal elements within the political hierarchy of Cambodia. Similar to its counterpart, it provides an array of illegal services, including access to confidential data, bank account shortcuts, disposable phones, and even malware.
Notably, Elliptic’s findings show that **Xinbi Guarantee** has attracted a user base of over **233,000** individuals, with vendors categorized into nine different types, including document forgery, **SIM card trafficking**, database access, and cryptocurrency money laundering. These sellers openly promote their ability to “clean” profits from **pig butchering scams**, a deceptive type of fraud where victims are tricked into transferring vast sums of cryptocurrency, often under the guise of romantic or investment opportunities.
Additionally, a shocking revelation by Elliptic highlighted that **$220,000** in USDT, stolen during the **WazirX exchange hack** in July 2024, was traced back to wallets associated with Xinbi. This showcases the intricate web of connections within the cybercrime ecosystem.
Moreover, the scope of services offered by both platforms extends beyond mere money laundering. Reports suggest that they are entangled with **scam compounds** scattered throughout **Southeast Asia**, particularly in countries like Cambodia, Laos, and Myanmar. Here, victims of human trafficking are coerced into conducting online fraud.
These scam operations often masquerade as legitimate employment opportunities within the IT or customer service sectors, luring individuals from across **Asia** with attractive salary promises. Once affected, many victims face **abuse** and coercion, executing romance scams, cryptocurrency frauds, and blackmail schemes under constant surveillance.
Interestingly, Telegram is not merely a communication vector for these illicit activities but also serves for **reputation management**, fulfilling orders, and resolving disputes between vendors and clients. Notably, Telegram has not officially commented on the removal of the Xinbi and Huione channels.
Telegram’s Shift from Messaging App to Cybercrime Marketplace
The dismantling of the Xinbi and Huione channels underscores a broader trend illustrating how illegal activities are migrating from the **darknet** to encrypted applications like Telegram. While the platform was designed for privacy, its encryption features have made it a favored tool for criminal networks, particularly across Southeast Asia.
According to **United Nations** reports, Telegram facilitates an astounding **$36.5 billion annually** in illicit activities, including scams, laundering, and data sales, almost always utilizing **USDT**. Criminal factions on the platform even promote advanced **deepfake tools** and malware.
The UN has previously stated that Tether (USDT) is the stablecoin of choice among criminal networks in Asia. In a clear indictment of the platform, the **U.S. Treasury** recently identified the **Huione Group** as a significant **money laundering** concern involved in **$98 billion** of cryptocurrency transactions, some of which are linked to North Korea’s notorious **Lazarus Group**.
As of now, Elliptic has identified more than **30 similar Telegram-based markets** promoting illicit activities. In response to these findings, Telegram has begun implementing changes, such as removing features including “**People Nearby**” and updating user FAQs, but experts argue that substantial interventions are necessary to prevent the application from continuing to facilitate global cryptocurrency crime.
The post Telegram Torches Chinese Crypto Laundering Hubs in $8.4B USDT Crackdown appeared first on Cryptonews.


Huione Guarantee, an online marketplace operated by Huione Group, has been involved in facilitating online scams in Southeast Asia.
A new United Nations report is calling out Telegram for affecting organized crime in Southeast Asia amid Pavel Durov’s legal woes.
The U.S. Treasury’s financial crimes arm has proposed removing the Huione Group from the US financial system for its alleged involvement in Lazarus-linked crypto laundering.