An $8.4 Billion Money Launderer Has Been Active on U.S. Soil for Years

Crypto Scamming Network Exploits Xinbi Guarantee Platform

Recent findings from Elliptic have unveiled a troubling trend on the Xinbi Guarantee platform, with vendors openly advertising services connected to various crypto investment scams, including “quick kills,” “slow kills,” and “pig butchering.” These terms refer to a range of fraudulent schemes designed to exploit unsuspecting victims. As described by Elliptic’s Robinson, many of these vendors work to facilitate payments by offering bank accounts within the victim’s home country. This tactic allows the scammers to receive payments while subsequently converting them into cryptocurrency, often Tether, to obscure the flow of funds. There are also instances where vendors provide services to convert cryptocurrency into local fiat currencies, such as the Chinese renminbi.

Beyond straightforward cashing out for scammers, Xinbi Guarantee has expanded its offerings to include a variety of services that support malicious activities. Elliptic’s research noted that vendors also sell stolen data, which can aid in the identification and targeting of potential victims. Furthermore, the market has listings for services such as SIM card registration and Starlink Internet subscriptions, all carried out through proxies to obscure the details of the transactions.

In a more alarming revelation, the platform has been linked to North Korean cybercriminals who exploit it for money laundering purposes. A blockchain analysis from Elliptic revealed that approximately $220,000 stolen from the Indian cryptocurrency exchange WazirX—associated with a significant $235 million cyber heist believed to involve North Korean hackers—was funneled into Xinbi Guarantee through various transactions in November 2024.

The questionable activities on Xinbi Guarantee extend further than these services. Elliptic has identified listings promoting surrogate motherhood and egg donation, even showcasing images intended to obscure donor identities. In a concerning twist, other listings propose disturbing services aimed at intimidation or harassment, including placing funeral wreaths at victims’ residences, vandalizing homes, or even orchestrating threats and distressing acts such as throwing feces. A particularly bizarre offering involved surrounding a target’s home with individuals presenting as AIDS patients, reportedly intended to intimidate with “case reports and needles.”

While the availability of these diverse and dangerous services is alarming, it also highlights the broader implications of unchecked online marketplaces. These are significant for business owners and the wider community, especially when the activity is viewed through the tactics and techniques identified within the MITRE ATT&CK framework. Such tactics would likely include initial access techniques, whereby vendors lure victims into schemes, and persistence practices, allowing fraudsters to maintain ongoing engagements with their targets.

In sum, as the landscape of cryptocurrency fraud evolves, stakeholders must remain vigilant and informed about potential vulnerabilities and the ways criminals exploit them. Encouraging robust cybersecurity measures and vigilance within digital spaces is imperative for safeguarding both individual and organizational integrity.
