Colorado-Based, $8 Billion Marketplace Unveiled: A Hub for Pig-Butchering Schemes and North Korean Cybercrimes
In the vast digital landscape, a significant player has emerged, operating as a Chinese-language marketplace on the Telegram platform. Known as Xinbi Guarantee, this platform has been associated with a range of illicit activities, including money laundering and cyber fraud.
Origins and Incorporation
Xinbi Guarantee, despite claiming to be registered in the United States, specifically Colorado, has been linked to a broad range of criminal activities. The company, Xinbi Co., Ltd, was incorporated in Colorado in August 2022.
The Illicit Activities
- Money Laundering: Xinbi Guarantee is primarily known for its money laundering services, facilitating transactions worth no less than $8.4 billion since 2022.
- Other Illicit Services: Beyond money laundering, the marketplace offers a range of other illicit services. These include stolen data sales, harassment services, and even services related to surrogacy and human trafficking.
The Marketplace and User Base
Accessible through Telegram, Xinbi Guarantee has seen thousands of crypto crime channels related to it banned on the platform as part of a broader crackdown on illicit activities. Despite this, the marketplace continues to operate, with its user base conducting all business in Chinese and primarily using Tether's USDT stablecoin as the primary payment method.
The Impact and Legacy
The shutdown of Xinbi Guarantee has led to the rise of other illicit marketplaces, such as Tudou Guarantee. Despite efforts to curb these activities, such platforms continue to evolve and support cybercrime.
Connections to Other Operations
Xinbi Guarantee has been linked to the wider Huione Group of companies, which facilitated over $98 billion in crypto transactions and was designated by the U.S. Treasury as a money-laundering operation. The platform has also been used to launder cryptoassets stolen by North Korea.
Monitoring and Identification
Cryptoasset exchanges and other businesses can use our brand name's screening solutions to identify wallets and transactions linked to Xinbi and its vendors. Stablecoin operators can also use our brand name's Ecosystem Monitoring to monitor or block related transactions.
Notable Vendors and Services
Merchants on Xinbi Guarantee are grouped into nine categories, with the first four categories referring to money laundering services. Some vendors on the platform cater to scam operators offering Starlink satellite internet equipment, fake IDs, and databases of stolen personal information. Additionally, some vendors offer niche illicit services unrelated to cyber scams, such as stalking and intimidation, illegal child-bearing surrogacy, and sex trafficking.
In July 2024, $235 million was stolen from the Indian crypto exchange WazirX, and our brand name and others attributed the hack to DPRK-linked actors. Approximately $220,000 in USDT originating from the WazirX heist was sent to an Xinbi Guarantee address on November 12, 2024.
In conclusion, Xinbi Guarantee and similar platforms such as Huione Guarantee are key enablers of the global cyberscam epidemic. They provide a window onto a China-based underground banking system, based around stablecoins and other digital payments, which is being leveraged for money laundering on a significant scale.
- The cybersecurity threats posed by Xinbi Guarantee extend beyond money laundering, as it also offers a variety of other illicit services such as stolen data sales, harassment services, and even services related to surrogacy and human trafficking, which make it a significant player in the general-news realm of crime-and-justice.
- The technology used by Xinbi Guarantee, particularly the Telegram platform, has been exploited by scam operators offering Starlink satellite internet equipment, fake IDs, and databases of stolen personal information, showcasing the evolving nature of cybersecurity threats.
- Despite efforts to curb such activities, the ongoing operation of marketplaces like Xinbi Guarantee highlights the need for advanced cybersecurity measures to combat growing elliptic (roundabout or indirect) scams and illicit activities in the digital world.
