Telegram Takes Down $35B Illicit Market for Stolen Data and Crypto

On Thursday, messaging platform Telegram announced the takedown of two sprawling black markets—Xinbi Guarantee and Huione Guarantee—that collectively funneled over $35 billion in revenue since 2021. According to blockchain analytics firm Elliptic, these Chinese-language hubs dwarfed the infamous Silk Road drug marketplace, which the FBI shut down in 2013 with an estimated value of $3.4 billion.

Scale and Impact of the Shutdown

Elliptic’s latest report indicates that Xinbi and Huione facilitated:
- Sale of compromised credentials from mega breaches (billions of email/password pairs).
- Money-laundering services leveraging built-in Telegram bots and deep-linking channels.
- Access to telecom infrastructure for SIM-swap attacks and spam SMS campaigns.
Both markets were forcibly taken offline on Tuesday. Huione Guarantee has since confirmed it will cease all operations following the removal of its Telegram channels. The disruption represents a significant blow to organized cybercrime syndicates that relied on Telegram’s encrypted infrastructure for secure communications and delivery of illicit services.

Technical Anatomy of Black Market Operations

These marketplaces exploited Telegram’s features in several ways:
- Encrypted channels and supergroups for classified listings, shielded by invite-only links.
- Automated bots integrating with crypto wallets and mixing services, enabling seamless transfers with minimal manual oversight.
- Redundant backup channels and fallback domains to maintain resilience against platform takedowns.
Criminal operators typically combined stolen data—harvested via phishing kits, credential-stuffing scripts, and API abuse—with on-chain laundering techniques. They used mixers and peer-to-peer atomic swaps to obfuscate transaction flows, making forensic attribution by law enforcement more challenging.

Implications for the Global Cybercrime Ecosystem

The removal of these marketplaces follows a recent U.S. Treasury action to sanction Huione Group over alleged money laundering of at least $73 million in cryptocurrency from state-sponsored cyber heists and “pig butchering” romance scams. Treasury Secretary Scott Bessent emphasized the group’s role in facilitating billions in fraud against U.S. citizens.
Chainalysis projections show a temporary decline in high-value money-laundering cases on Telegram, but warn that agile threat actors will pivot to alternative platforms or decentralized services. The dynamic underscores a persistent cat-and-mouse game between cybercriminal networks and tech platforms’ trust and safety teams.

Expert Opinions and Industry Response

- Elliptic Analyst Oliver Hawkins: “Telegram’s removal of these channels will slow down fraudsters’ operations, but it’s not a permanent cure—criminals will adapt.”
- Dr. Maria Lopez, Cybersecurity Researcher: “This takedown highlights the need for integrated blockchain surveillance and cross-platform collaboration to preempt illicit marketplaces.”

Future Outlook and Recommendations

As Telegram scales up its trust and safety infrastructure—including AI-driven content analysis and enhanced reporting workflows—experts recommend:
- Joint industry task forces between messaging apps, blockchain firms, and law enforcement.
- Tighter mandatory KYC at crypto exchanges to choke off exit liquidity for laundered funds.
- Real-time threat intelligence sharing to rapidly identify and dismantle backup networks.
Ultimately, the recent ban is a significant technical and operational success, but the resilient nature of cybercrime marketplaces means ongoing vigilance and proactive defenses remain essential.