A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee.
According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering services.
“The USDT stablecoin is the primary payment method, with the market having received $8.4 billion in transactions to date,” the company said. “Some transactions can be linked to funds stolen by North Korea.”
Xinbi, like HuiOne, has offered its services to scammers in Southeast Asia, including those responsible for so-called romance baiting schemes (formerly referred to as “pig butchering”), which has become one of the most lucrative forms of cybercrime in recent years.
What’s notable about these criminal bazaars is that they are entirely run on Telegram, becoming a one-stop shop to avail a wide range of services, ranging from technical tools to money laundering services to pull off online fraud at an industrial scale.
Xinbi Guarantee, per Elliptic, has 233,000 users, with merchants broken down to broad categories related to money laundering, Starlink satellite internet equipment, fake IDs, and databases of stolen personal information used to target potential victims.
Other vendors go a step further by offering to stalk and intimidate any chosen target within China, provide women to act as egg donors or surrogates, or even engage in sex trafficking, indicating that the illicit services go beyond cyber scams.
“The marketplace is seeing strong growth – with Q4 2024 the first quarter to see inflows of more than $1 billion,” Elliptic said. “Transaction volumes on Chinese-language Guarantee marketplaces such as Huione and Xinbi Guarantee dwarf those of the first generation of Tor-based darknet marketplaces.”
But perhaps the most interesting aspect of Xinbi is that it claims to be an “investment and capital-guarantee group company” registered in the U.S. state of Colorado by someone named Mohd Shahrulnizam Bin Abd Manap. According to the state corporate register, the company was incorporated in August 2022. It has since been marked as “Delinquent” for failing to file its periodic reports.
Both Xinbi and HuiOne Guarantee have also been used to launder cryptocurrency assets stolen by North Korea following the hack of the Indian cryptocurrency exchange WazirX last July, with $220,000 in USDT sent to the wallet addresses controlled by the former on November 12, 2024.
In response to the findings, Elliptic said Telegram has shut down thousands of channels belonging to the two services, effectively disrupting the two largest marketplaces that have engaged in over $35 billion in USDT transactions.
The development comes weeks after the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) designated Cambodia-based HuiOne Group as a “primary money laundering concern” in a bid to limit its access to the U.S. financial system.
“These platforms also provide a window onto a China-based underground banking system, based around stablecoins and other digital payments, which is being leveraged for money laundering on a significant scale,” Elliptic said.
About The Author
Original post here
