A Chinese crypto service called Xinbi Guarantee, an online marketplace for laundering money, for-hire harassment, hacking rings, and sex trafficking, was hiding in plain sight in Colorado — until crypto-tracking group Elliptic caught wind of the operation.
According to the firm's latest report, Xinbi's business was mostly conducted through the freewheeling messaging site Telegram, where criminal operatives based mostly in Southeast Asia sold illicit services and orchestrated movements of stolen cash and data.
According to Elliptic, around $8.4 billion has been funneled through the crypto operation, primarily by way of Tether stablecoins.
Now, though, Xinbi might be in trouble: when Wired — which first reported on Elliptic's findings — reached out to Telegram to inquire about the marketplace, the social media site responded by removing several accounts connected to Xinbi and its administrators.
Per Wired, the bulk of Xinbi Guarantee's transactions are related to "pig butchering" schemes — online scams that involve a fraudster spending weeks or months developing a close (usually romantic) relationship with a target, before tricking them into investing in phony financial opportunities — and other financial scams.
The service was also used to hawk Starlink internet devices, which have been used to power criminal groups around the world. Large sums of stolen crypto funds connected to North Korean hacking sprees also appear to have moved through the service.
Other business dealings were even darker. Some criminals offered physical harassment campaigns, while others appeared to be using the site to sell people, including girls as young as 14, for sex.
So what does all of this have to do with Colorado? According to Wired, state records show that Xinbi was registered in an Aurora office park in 2022 by someone named "Mohd Shahrulnizam Bin Abd Manap," but has since become "delinquent."
Jacob Sims, a visiting fellow at Harvard's Asia Center, told Wired that incorporating a business in the US offers an air of legitimacy and possible routes to hiring staff and making inroads with US entities. However, given the delinquency, Sims added, that might not have worked out.
What happens next remains to be seen. Last year, Elliptic unmasked a similar platform, Huione Guarantee, which researchers found had moved around $24 billion in illicit funds. Telegram shut down related channels — but, per Wired, they quickly started cropping back up.
The marketplaces are "remarkable for both the scale at which they're operating," Sims told Wired, "and also the brazenness."
In response to Elliptic and Wired's new reporting, Telegram says it's once again shut down accounts related to both black markets.
"Criminal activities like scamming or money laundering are forbidden by Telegram's terms of service and are always removed whenever discovered," Telegram told Wired in a statement. "Communities previously reported to us by WIRED or included in reports published by Elliptic have all been taken down."
More on crypto darknets: Pardoned by Trump, Founder of Silk Road Now Appears to Be Squandering Donations on Stupid Meme Coins
Share This Article