Telegram Becomes Hub for $2B Darknet Activity Monthly

Executive Summary

Telegram, widely known as a secure messaging app, has inadvertently become the backbone for the world’s largest darknet ecosystem—facilitating nearly $2 billion per month in illicit transactions across Chinese-language cybercrime syndicates. Despite previous bans, threat actors have rebuilt at scale with platforms like Tudou Guarantee and Xinbi Guarantee, selling everything from stolen credentials to advanced AI-enabled scams. This evolution is now enabling a parallel criminal economy with real-world impacts on global enterprises.

For CISOs, this development is not just a geopolitical concern—it’s a high-priority indicator in your daily briefing. Threat actors leveraging mainstream platforms for encrypted operations elevate the necessity for insider monitoring, vendor verification, and law enforcement coordination. The convergence of messaging apps and dark market tools demands swift reassessment of both social engineering defenses and financial fraud detection mechanisms.

What Happened

Telegram has become the operating base for massive Chinese-language darknet markets, according to a new report from crypto analytics firm Elliptic. These marketplaces, hosted and conducted via Telegram channels, provide cybercriminals with access to laundering services, account compromises, phishing kits, and deepfake tools. After major crackdowns in early 2025 briefly suppressed activity, two key communities—Tudou Guarantee and Xinbi Guarantee—resurfaced and now drive over $2 billion in monthly illicit commerce.

These markets cater to a spectrum of criminal operations, notably the orchestrators of the notorious "pig butchering" scams... Read the entire text in the original markdown article.

[...]