Telegram black market involves $8.4 billion in crypto funds, North Korean hackers' stolen money laundering chain exposed

Source: FreeBuf

Since 2022, a Telegram trading platform called Xinbi Guarantee has facilitated a transaction amount of no less than US$8.4 billion, becoming the second largest black market platform exposed after HuiOne Guarantee. According to a report by blockchain analysis company Elliptic, the platform merchants openly sell technical tools, personal data and money laundering services.

"Tether (USDT) is the main payment method, and the market has processed $8.4 billion in transactions so far," the report noted, "some of the funds can be traced back to stolen money stolen by North Korean hackers."

One-stop supply of criminal services

Similar to Huiwang, the Xincoin platform provides services to Southeast Asian fraud gangs, including criminal groups that commit "pig killing". This fraud model has become one of the most profitable forms of cybercrime in recent years.

The distinctive feature of these criminal markets is that they rely entirely on Telegram to provide full-process solutions from technical tools to money laundering services, so as to enable online fraud to reach an industrial scale. According to Elliptic, the SGD guarantee has 233,000 users, and its merchant business covers money laundering, Starlink satellite equipment, forged documents and personal information databases used to lock victims.

Some merchants even provide illegal services such as domestic tracking and intimidation, surrogacy intermediaries, and even sex transactions, indicating that their criminal ecology is far beyond the scope of online fraud.

Relationship with North Korean hackers

Elliptic specifically pointed out: "The market is growing rapidly - the first time in the fourth quarter of 2024, the transaction volume exceeded US$1 billion. The transaction size far exceeds the first generation of the Tor-based dark web market."

The SGD claims to be an "Investment Capital Guarantee Group Company" registered in Colorado, USA, and its registered owner is Mohd Shahrulnizam Bin Abd Manap. Colorado government records show that the company has been marked as a "violation" for failing to submit regular reports on time.

The investigation also found that after the Indian exchange WazirX was hacked in July last year, North Korea cleaned up stolen money through the SGD and Huiwang platforms. On November 12, 2024, US$220,000 was transferred to the wallet address controlled by the SGD.

Regulatory crackdowns and subsequent impacts

In response, Telegram has closed thousands of channels on both platforms, dismantling the two largest black markets that have accumulated over $35 billion in USDT transactions.

Previously, the U.S. Treasury Department's Financial Crime Enforcement Network (FinCEN) has listed Cambodia Huiwang Group as the "primary money laundering concern" to restrict its access to the U.S. financial system.

Reference source:

Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering

https://thehackernews.com/2025/05/xinbi-telegram-market-tied-to-84b-in.html