The online black market once lurked in the shadows of the dark web. Today, it has moved to public platforms like Telegram and amassed unprecedented illegal wealth.

Article by: Andy Greenberg

Source: Shen Chao TechFlow




More than a decade ago, when black markets for drugs, guns, and other contraband first emerged on the dark web, the technical complexity of cryptocurrencies and the anonymity software Tor seemed to be the key to enabling billions of dollars in illegal transactions.


However, by 2025, all of this seems to have become somewhat outdated. Today, to complete tens of billions of dollars in black market crypto transactions, all it takes is a messaging app willing to provide a platform for scammers and human traffickers, the perseverance to recreate channels and accounts when banned, and fluent Chinese language skills.


According to a recent analysis by crypto tracking company Elliptic, the ecosystem of Chinese crypto scammers based on the Telegram messaging service has now developed to an unprecedented scale. Although there was a brief decline after Telegram banned the two largest such markets in early 2025, the current two major markets—'Potato Guarantee' and 'New Coin Guarantee'—achieve nearly $2 billion in transaction volume each month through money laundering transactions, sales of scam tools (such as stolen data, fake investment websites, and AI face-swapping tools), and other black market services (such as surrogacy and underage prostitution).


Cryptocurrency romance scams and investment scams are notorious for their brutal 'pig butchering' mode of operation. These scams mainly operate from secret bases in Southeast Asia, typically staffed by thousands of human trafficking victims. According to the FBI, in the U.S. alone, these scams can defraud victims of about $10 billion annually, making them one of the most profitable forms of cybercrime in the world.


By providing money laundering services and other related tools to these fraud organizations, markets like 'Potato Guarantee' and 'New Coin Guarantee' have expanded rapidly. Tom Robinson, co-founder and chief scientist of Elliptic, stated: "If you consider the illegal uses of crypto assets, there is currently nothing bigger than this."


In fact, these criminal trading markets are not only the largest online black markets today but also the largest in history. The once-dominant dark web market AlphaBay was known for selling drugs, stolen data, and hacking tools. According to the FBI, AlphaBay had a transaction volume of over $1 billion during its two and a half years of operation, ten times that of the original Silk Road dark web market at its peak. Meanwhile, the Russian dark web market Hydra completed over $5 billion in transactions during its seven years of operation, providing money laundering services for cryptocurrency thieves and ransomware gangs.


In contrast, according to data from Elliptic, the Chinese Telegram group market 'Huione Guarantee' has completed an astonishing $27 billion in transaction volume from 2021 to 2025, far exceeding all previous online black markets. Even though it operates completely openly on the Telegram platform, it is still referred to as 'the largest illegal online market in history.'


Although Telegram banned 'Huione Guarantee' (which had been renamed 'Haowang Guarantee') in May this year after the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) listed it as a money laundering operation, the market did not disappear as a result. 'Potato Guarantee', in which Haowang Guarantee holds a stake, quickly filled this gap. According to data from Elliptic, Potato Guarantee's monthly transaction volume has reached $1.1 billion, which is not much different from Haowang Guarantee's $1.4 billion monthly transaction volume. Meanwhile, the second-ranked crypto scam market, 'New Coin Guarantee', which was also banned in May but came back online, has seen its monthly transaction volume increase to $850 million. The total transaction volume of the two major markets even exceeds the previous total market size, and Elliptic is currently monitoring about 30 similar markets, which collectively achieve hundreds of billions of dollars in annual transaction volume.


This June, when WIRED contacted Telegram to point out how these markets were rebuilding their criminal empires in the public eye, Telegram's response sparked controversy. Telegram stated that it had decided not to ban these markets, on the grounds that they provide a way for Chinese users to circumvent 'capital controls', which often leave citizens with no choice but to seek alternative means of moving money internationally. "We assess each report on a case-by-case basis and firmly reject a blanket ban—especially when users are attempting to circumvent oppressive restrictions imposed by authoritarian regimes," Telegram stated in a June statement to WIRED. "We remain steadfastly committed to protecting user privacy and defending fundamental freedoms, including financial autonomy."


This position has sparked widespread controversy and has led people to reflect: Under the banner of protecting privacy and freedom, can we turn a blind eye to cybercrime?


Elliptic and other fraud industry analysts have strongly rebutted Telegram's argument about maintaining market freedom, pointing out that the vast majority of activity on markets like 'Potato Guarantee' and 'New Coin Guarantee' is illegal. In addition to services related to scams, these markets also involve prostitution transactions. Posts on New Coin Guarantee even include suggestive advertisements involving underage sexual services, such as 'Lolita' or 'young girl' services. Furthermore, clients of these scam operations have been widely documented using forced labor in modern slavery-like conditions.


"They have the ability to shut down this fraud economy and human trafficking activities, but they have become a 'classified advertising platform' for cryptocurrency fraudsters," said Erin West, former prosecutor for Santa Clara County, California, and now head of the anti-fraud organization 'Operation Shamrock'. "These bad actors are using their bad platform to facilitate other bad actors."


In addition to Telegram, another cryptocurrency company, Tether, has also played a key role in these fraud markets. This popular stablecoin is the preferred tool for money laundering transactions in these markets. Unlike most cryptocurrencies, Tether has a centralized structure, meaning its parent company (Tether Ltd.) can seize or freeze funds at any time. However, the company has done little to intervene in the large-scale capital flows it supports.


Neither Telegram nor Tether responded to WIRED's request for comment on their role in the black market transactions of 'Potato Guarantee' and 'New Coin Guarantee'.


Jacob Sims, a visiting scholar at Harvard University's Asia Center who researches transnational crime, believes that the efforts of Tether and Telegram to combat the expansion of the fraud industry are similar to the 'symbolic' raids by Southeast Asian law enforcement on fraud bases. These law enforcement actions are often mere formalities, allowing the scam organizations to rebuild and resume operations. "Ineffectiveness at all levels of law enforcement leads to an inability to effectively combat it," Sims stated.


Sims also pointed out that only through centralized cooperation among international governments and law enforcement agencies can substantial changes be made to this situation. He likened this effort to coordinated actions against global terrorism or drug trafficking, arguing that the same international pressure should also be applied to companies that foster rampant fraud.


"The current response to this increasingly serious fraud industry has not yet reached the level of coordination and urgency needed," Sims said, "and only when we elevate it to a priority that matches the enormous damage it causes can the problem possibly be solved."