A Global Crime Syndicate with a Colorado Zip Code
In a strange twist of global crime and digital deception, one of the largest Chinese-language cybercrime markets in the world has been operating under the disguise of a legally registered business in the United States. The company is called Xinbi Guarantee, and according to a new investigation by the blockchain research firm Elliptic, it has helped criminals move over $8.4 billion in illicit funds since 2022. The market has served as a hub for crypto scammers, money launderers, and even North Korean hackers. What makes it even more bizarre is that Xinbi Guarantee is officially incorporated in Aurora, Colorado.
Xinbi Guarantee may look like a normal business on paper, but online it operated as a Telegram-based marketplace that offered an astonishing range of illegal services. These included converting stolen cryptocurrency into cash, laundering money across borders, buying stolen data, and even arranging targeted harassment and sex trafficking. Despite being marketed to Chinese-speaking users, the company boasted on its website—in Mandarin—that it was legally based in the United States.
“Xinbi Guarantee has served as a giant, purportedly US-incorporated illicit online marketplace for online scams that primarily offers money laundering services,” said Tom Robinson, the cofounder of Elliptic. He added that their research also uncovered disturbing extras like “child-bearing surrogacy and egg donors, harassment services that offer to threaten or throw feces at any chosen victim, and even sex workers in their teens who are likely trafficking victims.”
The Business Model: A “Guarantee” for Criminal Deals
Xinbi Guarantee used a model similar to another cybercrime marketplace called Huione Guarantee, which Elliptic previously exposed. The business model works like this: third-party vendors pay a deposit to the platform, which acts as a guarantee for the buyers. This system is supposed to reduce fraud between criminals. Ironically, it mimics how legitimate online marketplaces like eBay or Amazon offer protections for buyers and sellers. In Xinbi’s case, though, the products were services like money laundering, fake identification documents, or intimidation tactics.
Despite the extreme nature of the services being offered, Xinbi Guarantee managed to stay under the radar. Even as it grew into one of the most powerful underground markets for Chinese-speaking scammers, its Colorado registration gave it a layer of legitimacy. According to Elliptic, Xinbi Guarantee had the second highest volume of transactions for any illicit marketplace it has ever tracked, behind only Huione Guarantee’s estimated $24 billion.
Robinson told WIRED, “Both services offer a window into the China-based underground banking network. It’s another example of these huge Chinese-language ‘guaranteed’ marketplaces that have thrived for years.”
Tools of the Trade: Telegram and Tether
Telegram and Tether were the main tools that allowed Xinbi Guarantee to flourish. Telegram served as the communication channel, allowing criminals to create private and public groups to arrange illegal services. Tether, a cryptocurrency that is pegged to the value of the US dollar, was the primary form of payment. Because it is a stablecoin, users prefer it over other cryptocurrencies like Bitcoin since its value does not swing dramatically.
Elliptic found that some Xinbi vendors would receive payments in the same country as the victim using regular bank accounts, and then convert those funds into Tether to send to the scammer. In other cases, the criminals would accept cryptocurrency from the scammer and cash it out in Chinese renminbi or other local currencies.
The use of Tether has raised alarms because it enables fast and anonymous transactions. But Tether also has features that make it traceable. In response to the WIRED article, a spokesperson from Tether said, “We are not passive observers—we are active players in the global fight against financial crime. If you’re considering using Tether for illicit purposes, think again: it is the most traceable asset in existence.”
Telegram, after being contacted by WIRED, banned multiple Xinbi Guarantee channels. Spokesperson Remi Vaughn told WIRED, “Criminal activities like scamming or money laundering are forbidden by Telegram’s terms of service and are always removed whenever discovered. Communities previously reported to us by WIRED or included in reports published by Elliptic have all been taken down.”
However, Elliptic researchers remain cautious. After Telegram banned similar channels for Huione Guarantee earlier this year, they were quickly replaced. “These are very lucrative businesses,” Robinson said, “and they’ll attempt to rebuild in some way.”
The North Korean Connection
One of the most concerning revelations from Elliptic’s investigation is that North Korean hackers also used Xinbi Guarantee. The researchers tracked $220,000 worth of stolen cryptocurrency from the July 2024 WazirX exchange hack to Xinbi accounts. That hack resulted in a total loss of $235 million and was widely blamed on state-sponsored hackers from North Korea.
The fact that a U.S.-registered company helped North Korean agents move stolen money highlights the danger of such marketplaces. These platforms do not just support fraud; they may also be enabling international cyber warfare and hostile actions against democratic countries.
Shocking Services Beyond Financial Crimes
Xinbi’s marketplace wasn’t limited to laundering money. Elliptic discovered several disturbing services being offered. Some vendors promised harassment campaigns in exchange for Tether, which included placing funeral wreaths at victims’ homes, graffiti attacks, and even sending people pretending to be AIDS patients to intimidate them.
There were also posts offering surrogate mothers and egg donors, often showing cropped images of women’s bodies. More alarmingly, sex workers as young as 14 years old were reportedly offered by vendors. One merchant told an Elliptic researcher that sex with minors would not be covered by Xinbi’s guarantee, even though China’s legal age of consent is 14.
Why Incorporate in the U.S.?
Elliptic and outside experts believe Xinbi’s decision to register in Colorado was a calculated move. By incorporating in the United States, the company could open U.S. bank accounts and appear more legitimate to clients and financial institutions.
Jacob Sims, a visiting fellow at Harvard’s Asia Center, explained that Chinese criminals often use U.S. incorporation as a tactic to seem trustworthy. “If you have a US presence, you can also open US bank accounts,” Sims said. “You could potentially hire staff in the US. You could in theory have more formalized connections to US entities.”
Xinbi’s registration was filed by Mohd Shahrulnizam Bin Abd Manap in August 2022. While WIRED tried to find out more about him, it was unclear which individual in Malaysia actually set up the company. The Colorado Secretary of State’s website now lists the company as “delinquent,” possibly because it failed to file required paperwork.
What Can Be Done to Stop This?
Experts say that the global community needs to take stronger steps to fight these digital black markets. That includes:
- Tightening regulation of cryptocurrency: Governments need to enforce stricter Know Your Customer (KYC) and Anti-Money Laundering (AML) laws for crypto exchanges.
- Improving cooperation between tech companies and law enforcement: Platforms like Telegram must be more aggressive in removing illegal groups and accounts.
- Using technology to trace crime: Blockchain analytics firms like Elliptic and Chainalysis are already working to track suspicious transactions. Artificial intelligence could help detect patterns and stop scams before they spread.
- Educating the public: Consumers must be aware of the signs of fraud, especially in investment offers or cryptocurrency schemes. Most scams lure victims by pretending to offer easy profits with little risk.
The Future of Cybercrime Marketplaces
Although Telegram has taken down Xinbi Guarantee’s channels, Elliptic is tracking about 30 other similar markets, most of which operate in Chinese. With billions of dollars at stake, it is likely that Xinbi—or a rebranded version of it—will return. New platforms will also try to fill the gap.
“The scale at which they’re operating and also the brazenness is just remarkable,” said Jacob Sims.
Xinbi Guarantee is a warning about how digital tools, anonymous currencies, and weak enforcement can create an environment where crime thrives. As the world becomes more connected, it is also more vulnerable. Fighting these threats will require a combination of smarter laws, better technology, and strong public awareness.
The story of Xinbi Guarantee is not just about one company—it is about the future of crime in the digital age.
ACZ Editor: Make no mistake, this organization is part of the Chinese intelligence network, under their control, if not outright owned by them. Our own sources say that Telegram is rife with such traffic, in the tens of billions of dollars worth. This is a much bigger story.
