In a major takedown that underscores the growing intersection between cryptocurrency and organized online fraud, blockchain analytics firm Elliptic has exposed a massive cybercrime operation on Telegram revealing that Colorado-based Xinbi Co. Ltd., operating under the alias Xinbi Guarantee, facilitated over $8.4 billion in illicit transactions using Tether (USDT).
Telegram Cracks Down After Elliptic Report
On May 13, Elliptic released its investigative findings, which prompted Telegram to swiftly shut down thousands of channels linked to Xinbi Guarantee and its criminal activities. The platform served as a USDT-powered black market, where users could access a wide range of illicit goods and services, including:
- Money laundering services targeting proceeds from online scams
- Crypto pig butchering scams, where victims are manipulated into investing in fake crypto platforms
- Stolen personal data and identity documents
- Starlink satellite equipment, likely used to aid scam operations across remote regions
Telegram’s enforcement action came as a direct result of Elliptic’s deep-dive, which revealed Xinbi Guarantee’s extensive role in enabling fraud, particularly in Southeast Asia.
$8.4B in USDT Transactions and a Rapidly Expanding Network
Elliptic’s report found that since 2022, the Xinbi Guarantee marketplace processed at least $8.4 billion in USDT transactions, making it one of the largest illicit crypto networks operating today. The platform experienced explosive growth ballooning from 119,000 users in August 2024 to 233,000 by May 2025.
In Q4 2024 alone, Xinbi Guarantee recorded over $1 billion in inflows, highlighting the scale and velocity of illegal crypto activity flowing through the network.
Ties to North Korean Hacking and Global Fraud Rings
One of the most alarming discoveries in Elliptic’s report was Xinbi’s direct link to stolen crypto funds traced to North Korea. Specifically, it was found that $220,000 of the $235 million stolen in the WazirX hack attributed to North Korean actors was laundered through Xinbi Guarantee’s USDT addresses. This connection not only underscores Xinbi’s global reach but also highlights the critical role these Telegram-based platforms play in facilitating nation-state cybercrime.
Telegram and Global Law Enforcement React
Telegram’s response closing down Xinbi Guarantee’s and Huione Guarantee’s illicit channels—is part of a broader move to clean up its platform. However, Elliptic warns that over 30 similar black market operations continue to operate on Telegram, many of them also relying on USDT for anonymous transactions.
A Wake-Up Call for Crypto Regulation
The Xinbi Guarantee case sheds light on a growing trend of USDT being used as the currency of choice for digital fraud and laundering. It raises urgent questions about the responsibilities of platforms like Telegram, as well as the need for greater international oversight and blockchain surveillance.
As regulators and law enforcement scramble to catch up, Elliptic’s revelations serve as a critical reminder that transparency, compliance tools, and data analytics are vital in the fight against crypto-fueled cybercrime.
