Telegram black market involves $8.4 billion in encrypted funds, North Korean hackers’ money laundering chain exposed

A Telegram black market platform called "Xinbi Guarantee" has facilitated over $8.4 billion in crypto-related crimes since 2022, including fraud, money laundering, and ties to North Korean hackers.
The platform operates as a one-stop shop for criminal services, offering tools for scams like "pig butchering," forged documents, personal data, and even illegal tracking/intimidation services.
Tether (USDT) is the dominant payment method, with some funds traced back to North Korean hackers, including stolen assets from the 2023 WazirX exchange hack.
The platform has 233,000 users and processes transactions at a scale surpassing traditional darknet markets, reaching $1 billion in a single quarter in late 2024.
Telegram has since shut down thousands of channels linked to Xinbi and its predecessor, HuiOne Guarantee, which together handled $35 billion in USDT transactions.
Regulatory actions include the U.S. Treasury labeling HuiOne as a "primary money laundering concern," restricting its access to the U.S. financial system.

Since 2022, a Telegram trading platform called "Xinbi Guarantee" has facilitated transactions worth no less than $8.4 billion, becoming the second largest black market platform exposed after HuiOne Guarantee. A report by blockchain analysis company Elliptic shows that merchants on the platform openly sell technical tools, personal data and money laundering services.

"Tether (USDT) is the dominant payment method, with $8.4 billion in transactions processed to date," the report states. "Some of the funds can be traced back to stolen funds from North Korean hackers."

One-stop shop for criminal services

Similar to Huiwang, the New Coin platform provides services to Southeast Asian fraud gangs, including criminal groups that implement "pig killing" fraud. This fraud model has become one of the most profitable forms of cybercrime in recent years.

The notable feature of these criminal markets is that they are completely dependent on Telegram operations, providing a full-process solution from technical tools to money laundering services, making online fraud reach an industrial scale. According to Elliptic, New Coin Guarantee has 233,000 users, and its merchant businesses include money laundering, Starlink satellite equipment, forged documents, and a personal information database used to lock in victims.

Some businesses even provide illegal services such as domestic tracking and intimidation, surrogacy agency and even sex transactions, showing that their criminal ecology goes far beyond the scope of online fraud.

Link to North Korean hackers

Elliptic noted: "The market is growing rapidly - in the fourth quarter of 2024, the transaction volume exceeded $1 billion for the first time in a single quarter. The transaction volume far exceeds that of the first generation of Tor-based darknet markets."

NewCoin claims to be "Investment Capital Guarantee Group" registered in Colorado, USA, with the registered person being Mohd Shahrulnizam Bin Abd Manap. Colorado government records show that the company has been marked as "non-compliant" for failing to submit periodic reports on time.

The investigation also found that after the Indian exchange WazirX was hacked in July last year, North Korea laundered the stolen money through the New Coin and Huiwang platforms. On November 12, 2024, $220,000 in USDT was transferred to a wallet address controlled by New Coin.

Regulatory crackdown and subsequent impact

In response, Telegram has shut down thousands of channels on both platforms, disrupting the two largest black markets that have processed more than $35 billion in USDT transactions.

Previously, the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) had listed Cambodia's Huiwang Group as a "primary money laundering concern" to restrict its access to the U.S. financial system.

References:

Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering

https://thehackernews.com/2025/05/xinbi-telegram-market-tied-to-84b-in.html