Do Son 
The infamously clandestine marketplace known as Xinbi Guarantee, long serving Chinese-speaking fraudsters and money launderers, has been revealed to be officially registered in the U.S. state of Colorado. According to analysts, its Telegram channels have processed over $8.4 billion since 2022—primarily originating from victims of cryptocurrency investment scams, including the notorious “Pig Butchering” scheme.
Functioning as a comprehensive black market, the platform offered not only cash-out and laundering services for crypto fraudsters but also catered to North Korean cybercriminals. It granted access to stolen data, Starlink proxy subscriptions, SIM cards, and even darker offerings—from surveillance and threats to underage sex trafficking and illegal egg harvesting.
Following the exposure of a similar platform, Huione Guarantee, last year, Xinbi Guarantee has become the second major Chinese-language marketplace of its kind to draw the attention of experts. While it branded itself as a “guarantee service” backed by seller deposits, the platform managed to remain largely under the radar—until its recent removal from Telegram.
After receiving inquiries from the media and a detailed report by Elliptic, Telegram has recently shut down the primary channels and accounts associated with both Xinbi and Huione. Although previous takedowns failed to prevent Huione from rebuilding its infrastructure under new identities, it remains uncertain whether either service will manage to re-establish itself within the messenger ecosystem.
Remarkably, Xinbi is still legally listed as a company registered in the United States, with its address linked to an office park in Aurora, Colorado. The entity was registered in August 2022 under the name “Mohd Shahrulnizam Bin Abd Manap,” a figure reportedly connected to Malaysian nationals. Its current legal status is marked as “inactive,” likely due to non-payment of fees or failure to submit required documentation.
Experts note that registering Chinese companies in the U.S. is often a strategy to feign legitimacy, open accounts in American banks, and establish formal ties with other entities. In Xinbi’s case, this may have been an attempt to extend beyond the Asian criminal underworld—or simply a facade for widespread illicit operations.
Blockchain forensics revealed that Xinbi was not only used by scammers but also by North Korean hackers. Notably, $220,000 traced from the July 2024 breach of the Indian exchange WazirX ended up in wallets associated with the platform. Additionally, the marketplace hosted listings for trading personal data, proxy service connections, and overtly criminal services—ranging from graffiti vandalism on victims’ property to threats involving individuals infected with HIV.
The platform’s primary currency was the stablecoin Tether, favored in criminal circles for its price stability. However, unlike Bitcoin, Tether is centralized and capable of freezing assets linked to suspicious activity. Representatives from Tether have stated their commitment to cooperating with law enforcement and freezing wallets upon receiving credible intelligence.
Despite recent disruptions, both Telegram and Tether remain vital infrastructure pillars for the Chinese-speaking crypto underground, which is estimated to include around 30 similar markets. Participants in such networks have repeatedly demonstrated their resilience, re-emerging under new aliases while retaining their established clientele and supply chains.
The Xinbi Guarantee phenomenon is not merely a tale of a sophisticated criminal enterprise—it is a stark illustration of how effortlessly a billion-dollar shadow market can cloak itself in formal U.S. registration and maintain a public presence on mainstream platforms. And even if this particular venture vanishes, it is almost certain that dozens more will rise to inherit the mantle of the Chinese-speaking cryptocrime ecosystem.
Donate