A sophisticated, Chinese-speaking shadow economy operating in plain sight on the popular messaging app Telegram is now processing an estimated $2 billion in illicit transactions every month, dwarfing the scale of infamous darknet predecessors like the Silk Road. This burgeoning criminal ecosystem, detailed in recent analyses by WIRED and the crypto analytics firm Elliptic, represents a significant evolution in digital crime. It leverages the perceived anonymity of cryptocurrency and the vast user base of a mainstream platform to create a thriving, resilient, and highly profitable marketplace for a host of illegal goods and services. The phenomenon poses a complex and urgent challenge to global law enforcement, a problem compounded by the controversial policies of the very platforms that enable its existence. This new frontier of cybercrime is not hidden in the obscure corners of the dark web but is flourishing within an app used by hundreds of millions worldwide.
A Criminal Economy of Unprecedented Proportions
At the core of this sprawling network lie numerous darknet marketplaces functioning as channels and groups within Telegram, with two of the largest identified as Tudou Guarantee and Xinbi Guarantee. These platforms serve as central hubs for an alarming array of illegal transactions that fuel global cybercrime. The offerings range from stolen personal and financial data to prefabricated investment scam websites designed for maximum deception. Sophisticated deepfake creation tools are also readily available, alongside other illicit services that extend into deeply disturbing realms, including unregulated surrogacy and child prostitution. This is not a simple marketplace for stolen credit cards; it is a full-service criminal enterprise providing the tools, data, and infrastructure necessary to execute complex fraudulent schemes and exploit vulnerable individuals on a massive scale. The ease of access and the sheer variety of services offered have turned these Telegram channels into a one-stop shop for modern cybercriminals.
The sheer magnitude of this new wave of darknet activity becomes clear when contrasted with its historical counterparts. AlphaBay, once the world’s largest darknet market for drugs and hacking tools, was hailed by the FBI as processing over $1 billion in transactions at its peak. Similarly, the notorious Russian-based platform Hydra, which also provided money laundering services, processed approximately $5 billion throughout its entire seven-year history. These figures are utterly eclipsed by the activity on Telegram. A single Chinese-language market, Huione Guarantee, reportedly processed a staggering $27 billion between 2021 and 2025. Tom Robinson, a co-founder at Elliptic, starkly summarized the situation, stating, “When it comes to the illegal use of crypto assets, there is simply nothing larger today.” Experts cited in the reports believe a primary driver behind this explosive expansion is the increasing prevalence of the “pig butchering” scam, a sophisticated form of investment fraud that combines elements of romance scams with cryptocurrency fraud to devastating effect.
The Failure of Countermeasures and Market Resilience
Efforts to dismantle this vast criminal network have so far proven to be largely ineffective, highlighting the remarkable resilience and adaptability of the organizations involved. In a seemingly significant move in May 2025, Telegram took action against one of the largest operators, blocking the channels of Huione Guarantee, which had by then been renamed Haowang Guarantee. However, analysts at TRM Labs and Elliptic quickly deemed these measures insufficient. The void created by the takedown was almost instantaneously filled by a new entity, Tudou Guarantee, which reportedly maintained close connections with the owners of the defunct Haowang. This successor rapidly scaled its operations, and its monthly turnover quickly soared to an astonishing $1.1 billion, nearly matching the $1.4 billion figure previously held by its predecessor. This “whack-a-mole” dynamic demonstrates that simply deplatforming a single channel does little to disrupt the underlying criminal infrastructure, which can reconstitute itself with alarming speed.
A similar pattern of ineffectual enforcement was observed with the second-largest market, Xinbi Guarantee. Despite being blocked by Telegram, it was swiftly relaunched and managed to re-establish a monthly turnover exceeding $850 million. The cases of Tudou and Xinbi are not isolated incidents but are symptomatic of a much larger, systemic problem. Elliptic’s analysis suggests that these two giants are merely the most visible examples among an estimated 30 similar platforms that continue to operate with near-total impunity on the messaging service. This reality underscores a critical failure in current enforcement strategies. The decentralized and agile nature of these criminal groups, combined with their ability to quickly migrate to new channels and redirect their user base, renders single-channel takedowns a temporary and ultimately futile solution. The criminal economy on Telegram is not a collection of individual bad actors but a robust and interconnected ecosystem that has proven highly resistant to disruption.
The Controversial Roles of Platform Enablers
The persistence of this criminal economy is directly enabled by the policies and, critically, the inaction of two key entities: Telegram and Tether. When pressed by journalists in June about why the messenger allows these illegal markets to continuously resurface, Telegram’s management offered a highly controversial justification. The company stated it would not pursue further “blanket bans,” framing its decision as a measure to protect the “financial freedom” of Chinese users. They argued that these users are compelled to seek alternative financial channels to circumvent the strict currency controls imposed by what they termed an “authoritarian regime.” This official stance has been met with harsh criticism from cybercrime experts, who have labeled it both “hypocritical and dangerous.” Analysts forcefully counter Telegram’s narrative, pointing out that the vast majority of transactions are unequivocally criminal and are directly linked to fraudulent syndicates operating vast forced labor camps in Southeast Asia, where thousands are held captive and forced to perpetrate online scams.
The second critical link in this illicit financial chain is the stablecoin USDT, issued by the company Tether. USDT has become the de facto currency of choice for criminals operating on these Telegram platforms, valued for its price stability and ease of transfer. The paradox, as highlighted by analysts, is that while cryptocurrencies like Bitcoin are decentralized, Tether is a centralized issuer with the full technical capability to freeze wallets and confiscate funds that are demonstrably linked to illicit activities. However, the company has rarely exercised this power in a meaningful way to combat the problem on Telegram. This persistent inaction has been described by experts as a “systemic problem” that effectively facilitates widespread criminality on a global scale. By failing to police the use of its own digital currency, Tether provides the stable and liquid financial rails upon which this entire multibillion-dollar shadow economy is built, allowing criminals to move and launder their proceeds with minimal friction or fear of intervention.
A Mandate for a New Global Response
The state of affairs was damningly assessed by Jacob Sims, a transnational crime expert at Harvard’s Asia Center, who compared the sporadic enforcement actions by Telegram and Tether to performative “show raids.” These actions created an illusion of progress while the underlying criminal infrastructure was almost instantly restored. “Impunity at all levels rendered any serious efforts to curb this futile,” he asserted. It became clear that a meaningful solution required a fundamental shift in approach. A globally coordinated response, with the same level of commitment and international cooperation seen in the fights against terrorism and drug trafficking, was deemed essential. The response to this growing threat had not yet reached the necessary level of coordination and determination. This was precisely what was lacking to start addressing the problem with the seriousness that matched the scale of the damage it caused, a situation underscored when the payment arm of a related conglomerate, Huione Pay, abruptly ceased operations and froze all payments, hinting at the even broader financial entanglements of the entities involved.
