Telegram fraud networks adapt to enforcement with Tudou Guarantee seeing 70x surge in daily transactions.

Generated by AI AgentCoin World
Wednesday, Jul 30, 2025 2:30 pm ET1min read
Aime RobotAime Summary

- Telegram's enforcement against crypto fraud failed to dismantle illicit networks as Huione Guarantee shifted operations to Tudou Guarantee, seeing 70x daily transaction surges post-ban.

- TRM Labs revealed overlapping wallet infrastructure between Huione and Tudou, with Huione Pay facilitating fund transfers pre- and post-sanctions, highlighting interconnected criminal ecosystems.

- Xinbi Guarantee retained its Telegram ID and expanded partnerships like "Solaire Casino," while sanctioned Funnull Technology enabled pig-butchering scams via IP resale, demonstrating rapid adaptability.

- Despite enforcement, minimal KYC controls and operational fragmentation allow these platforms to persist, underscoring regulators' challenges in disrupting crypto-fraud networks through rebranding and migration strategies.

Telegram’s enforcement actions against illicit marketplaces have failed to fully dismantle the ecosystem facilitating large-scale fraud and money laundering in the cryptocurrency space. Following the U.S. Treasury’s designation of the Cambodia-based Huione Group as a financial institution of primary money laundering concern under the USA PATRIOT Act on May 13, 2025, Telegram removed several channels linked to Huione Guarantee and Xinbi Guarantee [1]. However, these platforms quickly pivoted to alternative Telegram-based services, notably Tudou Guarantee, to continue their operations [2].

Huione Guarantee had previously facilitated over $35 billion in USDT-denominated transactions, with daily inflows peaking at $60 million in 2024 before falling to $30 million after the ban [1]. Despite this drop, transaction volumes briefly rebounded to $40 million, illustrating the resilience of the illicit infrastructure. In contrast, Tudou Guarantee saw a 70-fold increase in daily transaction volumes, indicating a significant migration of vendors and fraudulent activity from the now-banned platforms [2].

TRM Labs analysis shows that Huione and Tudou share overlapping wallet infrastructure, with Huione Pay acting as a key conduit for moving funds between the two. The firm observed that Huione Pay’s withdrawal wallets regularly sent funds to Huione Guarantee’s security deposit wallets prior to the ban. Post-ban, this flow continued but shifted to Tudou, reinforcing the interconnected nature of these services [1].

Xinbi Guarantee also demonstrated rapid adaptability. Unlike Huione, it retained its Telegram ID and experienced a near 90% surge in daily inflows following the ban. The service reportedly expanded its presence by forming new partnerships, including one with "Solaire Casino," hinting at broader operational strategies to consolidate its role in the illicit escrow market [1]. Meanwhile, Funnull Technology, a company linked to Huione Group, faced U.S. sanctions for enabling pig-butchering scams via the resale of IP addresses to fraudulent investment platforms [2].

Despite intensified enforcement, the ecosystem remains operational. Huione Pay continues to process substantial volumes, leveraging minimal KYC controls to attract illicit actors. The shift to Tudou Guarantee represents a strategic move to fragment operations and evade regulatory disruption, with the platform serving as a fallback for vendors displaced by the crackdown [2].

The resilience of these services highlights the challenges faced by regulators in disrupting deep-rooted financial crime networks. The migration and rebranding strategies employed by Huione, Xinbi, and Tudou underscore the adaptability of the crypto-fraud landscape. As TRM Labs continues to monitor on-chain activity, it remains clear that enforcement actions alone are insufficient to fully dismantle these networks, which persist through rapid adaptation and operational fragmentation [1].

Comments



Add a public comment...
No comments

No comments yet