Chinese-language online marketplaces, known as “guarantee” or dānbǎo platforms, have become central hubs for cybercriminals trading stolen credentials and illicit services. These Telegram-based platforms utilize an escrow system to facilitate transactions, mirroring the trust models of legitimate services like Alipay and Xianyu.
According to Flare, Huione Guarantee processed over $27 billion in cryptocurrency between 2021 and 2025, making it the largest illicit online marketplace recorded. Its competitor, Xinbi Guarantee, handled at least $8.4 billion in the same period. Both platforms operated on Telegram until their ban in May 2025.
These marketplaces function with corporate-like structures, featuring public branding, customer service teams, and tiered vendor programs. Operators hold buyers’ funds in escrow, releasing payments only upon confirmed delivery. Vendors pay a security deposit in USDT cryptocurrency, forfeited if they scam a buyer, lending financial weight to the “guarantee.”
Despite the May 2025 Telegram takedown and US Treasury sanctions, the ecosystem rebounded swiftly. Over thirty successor marketplaces emerged within months, with Tudou Guarantee experiencing a nearly seventyfold surge in daily inflows. Operators are now developing proprietary messaging platforms to bypass Telegram, indicating rapid adaptation to enforcement actions.
These platforms actively trade stolen corporate credentials, fake identity documents, SIM cards, NFC-relay fraud kits, and corporate impersonation tools. Transactions are bot-automated, with escrow held in USDT until buyers confirm receipt.
The resilience and adaptability of these marketplaces underscore the challenges in combating cybercrime. Their ability to quickly reestablish operations and develop new platforms highlights the need for continuous vigilance and innovative enforcement strategies.
Source: Cyber Security News
