A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic.
The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegram groups following a period of significant growth. The marketplace is estimated to have processed over $12 billion in transactions, making it the third-largest illicit marketplace of all time.
“Other parts of Tudou Guarantee, such as its gambling operations, continue to function, so it remains to be seen whether this represents the first stages of a full shutdown or a pivot away from fraud-related activity,” the company said.
Tudou Guarantee is just one of the many Telegram-based marketplaces serving cyber fraudsters, the others being HuiOne Guarantee and Xinbi Guarantee, which collectively engaged in over $35 billion in USDT transactions. Thousands of channels associated with both services were shuttered by Telegram last year.
The marketplace has since emerged as a leading platform, prompting merchants who previously sold through HuiOne Guarantee to migrate to Tudou Guarantee, offering stolen personal data, money laundering services, scam infrastructure like fraudulent investment platforms and phishing websites, and software programs to facilitate face swapping, voice cloning, and deepfake-powered impersonation during video calls with victims.
Research from Chainalysis published in November 2025 has identified that scam technology vendors collectively received at least $375.9 million in cryptocurrency in 2024, with artificial intelligence (AI) service vendors witnessing a 1,900% compound annual growth rate from 2021 through 2024, enabling scammers to forge realistic identities, generate convincing content, and scale their operations.
The migration was no coincidence as HuiOne acquired a 30% financial stake in Tudou Guarantee in December 2024, setting up the latter as a key fallback for Huione-affiliated vendors.
Elliptic’s Founder and Chief Scientist, Tom Robinson, told The Hacker News that Xinbi Guarantee has recovered and grown following Telegram’s intervention, and that there are a similar number of markets still in operation. “After shutting down HuiOne Guarantee, Telegram is no longer taking any action against these scam marketplaces. There’s no need for them to move to other messaging platforms,” Robinson added.
The apparent shutdown of Tudou Guarantee also appears to be related to the recent law enforcement actions against the Cambodian conglomerate Prince Group and its CEO, Chen Zhi, who was arrested and extradited to China earlier this month.
 |
| Chatter referencing Tudou Guarantee in connection with the Chen Zhi scandal (Source: Elliptic) |
The billionaire businessman stands accused of masterminding a vast investment scam that involved luring trafficked workers to forced labour camps in Southeast Asia to defraud victims globally, a scheme known as romance baiting or pig butchering. Prince Group has denied wrongdoing.
Elliptic said its real-time monitoring of Tudou’s central administrative wallets shows a sudden drop in activity in the following days, suggesting a link to the arrest.
“The closure of Tudou is a significant blow to the Southeast Asian scam economy, but history suggests the vacuum will not remain unfilled for long,” the company said, adding it expects the malicious activity to disperse across other guarantee marketplaces that may come in to swoop displaced merchants and customers.
Meanwhile, governments and law enforcement authorities aren’t sitting idle. In November 2025, the U.S. government announced the creation of the Scam Center Strike Force to dismantle Southeast Asian transnational criminal networks behind cryptocurrency-related fraud and pig butchering scams.
So far, the team has seized and forfeited $401 million in cryptocurrency from these schemes. It’s also working with U.S. companies to seize and disable U.S.-based facilities and infrastructure that power the scams, as well as prevent them from being weaponized to target American citizens.
