A massive cybercrime operation using Tether (USDT) on Telegram has just been brought to light — and it’s bigger than anyone expected.
According to a new report by blockchain intelligence firm Elliptic, a Colorado-registered company called Xinbi Co. Ltd. was secretly running a shady Telegram-based platform known as Xinbi Guarantee, which facilitated over $8.4 billion in illicit transactions since 2022.
Telegram Cracks Down After Major Revelation
Following Elliptic’s findings, Telegram has taken action, shutting down thousands of channels linked to Xinbi Guarantee and another similar platform, Huione Guarantee.
Xinbi’s Telegram network served as a digital black market for criminals, especially those running pig butchering scams — a growing form of crypto fraud that often targets victims through fake romantic relationships.
But that’s not all. The platform also enabled the sale of fake IDs, Starlink satellite devices, and databases of stolen personal data, helping online fraudsters scale their attacks globally.
How Big Was the Xinbi Scam?
Elliptic’s analysis reveals some alarming growth figures:
- In just nine months, Xinbi’s user base nearly doubled from 119,000 to 233,000 users
- In Q4 2024 alone, Xinbi handled more than $1 billion in crypto inflows
- The total laundering volume crossed a staggering $8.4 billion in USDT
North Korean Hackers Linked to Xinbi
The investigation also uncovered direct ties to North Korean cybercrime. Part of the $235 million stolen in the 2024 WazirX hack — attributed to North Korean hackers — was traced back to Xinbi, with $220,000 in USDT flowing through its wallets.
The Bigger Picture: Telegram as a Criminal Haven?
Elliptic warns that this is just the tip of the iceberg. The firm is currently monitoring over 30 similar illegal Telegram-based marketplaces using stablecoins like USDT to fuel online scams and laundering operations across Asia and beyond.
