Telegram Hosting World’s Largest Darknet Market

Wired is reporting on Chinese darknet markets on Telegram.

The ecosystem of marketplaces for Chinese-speaking crypto scammers hosted on the messaging service Telegram have now grown to be bigger than ever before, according to a new analysis from the crypto tracing firm Elliptic. Despite a brief drop after Telegram banned two of the biggest such markets in early 2025, the two current top markets, known as Tudou Guarantee and Xinbi Guarantee, are together enabling close to $2 billion a month in money-laundering transactions, sales of scam tools like stolen data, fake investment websites, and AI deepfake tools, as well as other black market services as varied as pregnancy surrogacy and teen prostitution.

The crypto romance and investment scams regrettably known as “pig butchering”—carried out largely from compounds in Southeast Asia staffed with thousands of human trafficking victims—have grown to become the world’s most lucrative form of cybercrime. They pull in around $10 billion annually from US victims alone, according to the FBI. By selling money-laundering services and other scam-related offerings to those operations, markets like Tudou Guarantee and Xinbi Guarantee have grown in parallel to an immense scale.

Tags: , , ,

Posted on January 5, 2026 at 7:01 AM11 Comments

Comments

Clive Robonson January 5, 2026 7:49 AM

@ Bruce, ALL,

I read,

“Wired is reporting on Chinese darknet markets on Telegram.”

And the first thought that occurs to me is not about “darknet markets” but,

“Why Telegram? it’s not secure…”

Especially with group messaging, that a darknet market or simillar
with moree than two party messaging system would need.

This article,

https://wire.com/en/blog/is-telegram-a-security-or-surveillance-tool

Points out four things of relevance about Telegram,

1, It’s got clear links to the Russian security services.
2, By default E2EE is turned off.
3, Group messaging is always plaintext
4, Every message has a device ID that is always in plaintext.

There are also other issues to do with linked in / attached content.

US legislation forces any traffic involving “foreign access” gets recorded and trundled off to the NDA Buffdale data center, and may well also be seen by the FBI et al. Secondly the “Cloud Act” forces access to anything stored on a computer to be made available by the US company / subcompany or affiliates no matter where in the world the data is stored.

This came as a bit of a shock to French Authorities and some time ago to UK Parliamentarians all of whom use Office 365 cloud based services for just about everything.

Then as some know the US Executive got upset with part of the UN and their access to Microsoft cloud services mysteriously failed and Microsoft claimed,

“Not us guv, nuffing we can do about it mate…”

Which as others have pointed out is almost certainly a lie…

K.S January 5, 2026 8:41 AM

@Clive Robonson

>It’s [Telegram] got clear links to the Russian security services.

Could you explain what makes you say this? As far as I know Durov is Russian expat, a French/United Arab Emirates citizen living in Dubai. Are “clear links” the fact that he was born in Russia?

Hendrik January 5, 2026 8:52 AM

I’ve always seen Telegram as a great group communicator, like for the chatty neighbourhood watch discussing the barking dogs… not a secure tool, just a very convenient one.
Security IMO for your extra-marital affairs goes to Signal and when you need to talk to your drug and gun suppliers you go use Threema…

So, this tells me this “report” is about people trying to be “darkweb” but not understanding security… correct??

K.S January 5, 2026 9:07 AM

Telegram has very limited P2P encryption, you have to initiate it manually and it is only possible to enable with direct messaging. Telegram is not designed to be secure from MitM and as far as I know not advertised as such. This does not mean that that Telegram is actively malicious or a monitoring tool for “Russian security services”.

KC January 5, 2026 9:32 AM

“These are bad guys enabling bad-guy business on their bad-guy platform.”

So says Erin West a cybercrime investigator and former prosecutor who now leads Operation Shamrock.

https://www.operationshamrock.org

In her “Stolen Podcast” she talks to law enforcement, cyber fraud experts, and survivors.

I’ve just starting scanning over the weekly episodes. The Nov 19 episode “Modern Slavery and the Rise of Scam Compounds” has, and merits, a trigger warning. On this episode, she and anti-trafficking expert Matt Friedman discuss paths forward for addressing this extraordinary human tragedy. Organizations and people can and often want to help when they are brought together and made aware.

https://www.operationshamrock.org/podcast/stolen/ep28-human-trafficking-matt-friedman

from EU January 5, 2026 10:22 AM

Who cares? Considering how U.S. violates the international law and by force overthrows presidents in other countries and install their own puppet – let the America crash and burn.
I’m not losing any sleep here.
And after the Venezuela – nobody should say nothing about Russia’s actions in Ukraine.
If U.S. can, Russia can most certainly too. Everyone should now just shut up regarding the Russia and sanctions.

Clive Robinson January 5, 2026 11:03 AM

@ K.S.,

With regards,

“Could you explain what makes you say this?”

A number of things some of which I listed up some in my comment.

But as the article I linked to points out sufficient of Telegram is in Russia and like China and the USA anything crossing their networks in plaintext or encrypted gets recorded.

But consider the four list points I give, they indicate beyond reasonable suspicion that Telegram have chosen to make users traffic “insecure by design and default”.

So traffic in china gets “clocked” by the “Great Firewall” then due to the way the US is the spider at the center of the web, the user traffic gets clocked by them on it’s way to the Russian firewalls and networks where it gets clocked again…

The it gets stored for a while on servers in Russia, where they have laws about foreign traffic which I’m assuming Telegram abide by.

I’m curious though why are you onky asking about Russia not China and the US as well?

Look on it this way in all three of these UN Security Council Members the laws and Government behaviours are pretty much one and the same when it comes to,

1, Traffic crossing networks in their jurisdiction.
2, Traffic stored on servers in their jurisdiction.

Similar is also true of a number of European Nations in the West of Europe, especially France, Netherlands (once part of France), Belgium (once part of the Netherlands), and the UK. It would appear more recently Switzerland as well. As for Germany perhaps it’s best not to ask what the US CIA did and still does there.

These are the ones we know about, which is why even encrypted traffic should be treated with both caution and care.

As I’ve said a while in the past I do not use “secure messaging apps” because they are on the same device as the communications end point which implicitly makes them insecure no matter what encryption is used.

A point that should not be lost on anyone now we are moving from the age of “failed Golden Keys” back doors into “client side scanning” and AI that copies the UI to the cloud every few seconds.

As I’ve noted in the past when signal first got talked about with awe,

“The security end point needs to be on a separate device beyond the communications end point.”

Apple showed via their dismal attempt at client side scanning that the E2EE / backdoor / NOBUS Golden Key days, were over and Client Side Scanning was the new war zone.

Kind of making my point for me and confirming things were going that way.

Further long before Microsoft Cop-out became known I’d said that AI was the “most insidious surveillance tool so far” and that Microsoft’s AI Business Plan was,

“Bedazzle, Beguile, Bewitch, Befriend and Betray” To turn all users into their product by stealing the users and their acquaintances privacy.

Something that increasing numbers of people appear to agree with.

John White January 5, 2026 3:49 PM

@Clive Robinson: Noone is worried about human run countries like Russia and China. Only s**tholes like the zionist entity, its US colony, and other colonies like Canada, the UK, all EU countries etc.

Winter January 5, 2026 5:52 PM

@John White

Noone is worried about human run countries like Russia and China.

Actually, it is the Russian and Chinese official soms that don’t care about the lives and well being of their compatriots. A stance that is wonderfully demonstrated by the way Russian infantry is used as bait and canon fodder by the thousands [1] Chinese officialdom is little better, as the Great Leap Backwards, Cultural Revolution, and Tian An Men massacres have shown.

If anyone does care about the lives and wellbeing of Chinese and Russian people, they are the Western NGOs so much despised by their governments. The same Western NGOs desperately trying to help, eg Gazan and Sudanese victims of genocide. USAID was in the same league before they were gutted by the Putin admirers of the GOP.

[1] Recently reported to need to resort to cannibalism as their superiors don’t want to waste food on them.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.