Telegram Faces Fresh Scrutiny as Sanctioned Xinbi Guarantee Market Remains Online

Telegram’s moderation problem has returned to the center of the debate

Telegram is again under pressure over the criminal activity it hosts after WIRED reported that Xinbi Guarantee, a sprawling Chinese-language black market linked to crypto scams and human trafficking, remains active on the platform weeks after the United Kingdom sanctioned it. The central issue is not merely that a criminal marketplace existed online, but that one of the biggest known operations of its kind appears to have continued functioning in public after being formally designated by a major government.

According to the supplied source material, the UK government sanctioned Xinbi Guarantee in late March 2026, identifying it as a facilitator of human trafficking. Nearly three weeks later, the market’s accounts were still available on Telegram. Cryptocurrency tracing firm Elliptic told WIRED that Xinbi processed about $505 million in transactions in the 19 days after the sanctions were imposed. The same reporting says the market added tens of thousands of users and now approaches half a million buyers and sellers.

That combination of scale, visibility, and persistence is what makes the story notable. Online criminal markets often move quickly, shift infrastructure, or fragment under enforcement pressure. Here, the allegation is different: a marketplace already identified by researchers and then sanctioned by the UK appears to have kept operating in plain sight on a mainstream messaging service.

A black market measured in billions

WIRED described Xinbi Guarantee as a bazaar for money laundering services used by crypto scammers, along with products and services tied to coercive scam operations. The report says the marketplace has facilitated a total of roughly $21 billion in transactions over its lifetime. If accurate, that would make it one of the largest known crypto-enabled illicit markets operating through a consumer communications platform rather than the more familiar dark-web model.

The scale matters because it changes the policy question. This is no longer just a content moderation problem in the narrow sense of removing a few bad actors. It becomes a platform governance issue involving sanctions compliance, transnational financial crime, organized fraud, and the role of messaging infrastructure in enabling those systems.

Elliptic cofounder Tom Robinson told WIRED that Xinbi is “still going strong” and is on track to become the largest market of its kind ever seen. Security researcher Gary Warner, quoted in the same report, said Telegram’s continued hosting of such activity is difficult to reconcile with the norms applied to legitimate online services. Those assessments sharpen the concern that enforcement failures on large platforms can become multiplicative: the bigger the user base and the looser the controls, the more attractive the service becomes for illicit coordination.

The sanctions test

The UK designation created a clear moment of accountability. Once a named entity is sanctioned, the question is no longer whether the platform has enough information to investigate. It is whether it will act, how quickly it will act, and what systems it has in place to prevent reconstitution under adjacent channels or mirrored accounts.

In this case, WIRED reported that Telegram did not respond to multiple requests for comment about Xinbi’s continued presence following the sanctions. That silence is significant because the sanctions timeline removes much of the ambiguity around whether the market’s role was contested or obscure. By the time of the report, the issue was not a researcher’s private claim. It had become a public matter of government enforcement and platform responsibility.

The story also illustrates how sanctions, while symbolically powerful, do not automatically shut down digital infrastructure. A designation can increase legal and reputational pressure, but operational disruption still depends on intermediaries acting on it. When those intermediaries are global platforms, enforcement becomes uneven unless the platform itself treats the designation as a trigger for rapid removal.

Why this matters beyond Telegram

The broader importance of the Xinbi case is that it sits at the intersection of several technology debates that are no longer separate. Messaging platforms are financial coordination layers. Crypto markets are enforcement targets that can migrate through mainstream consumer apps. Human trafficking networks increasingly depend on digital services that were not built for crime but can be used to industrialize it at scale.

That means the Xinbi story is not only about Telegram. It is about what happens when communication tools, payment rails, and illicit service marketplaces collapse into the same environment. The easier it is to find counterparties, settle transactions, and maintain persistent communities, the harder it becomes for authorities to disrupt the underlying activity with isolated takedowns.

The case also reinforces a harder line now emerging in policy circles: platforms may face growing pressure not just to remove obviously unlawful content when notified, but to demonstrate they can identify structured criminal ecosystems before outside researchers or foreign governments force the issue. That is a materially higher bar than reactive moderation.

For Telegram, the immediate problem is reputational and regulatory. For the wider technology sector, the lesson is sharper. Services that present themselves as neutral infrastructure are increasingly being judged by what they enable at scale, not only by what they say their policies prohibit.

What to watch next

Several follow-on questions now matter. First, whether Telegram removes Xinbi Guarantee and related accounts. Second, whether other governments or regulators adopt similar sanctions or enforcement actions. Third, whether financial tracing firms and cybersecurity researchers continue to document transaction growth after the UK move, which would strengthen the case that sanctions alone are insufficient without platform cooperation.

The story is also a test of whether public reporting can force action where prior warnings did not. WIRED notes that researchers had repeatedly highlighted Xinbi’s activity before the UK designation. If a sanctioned market can still operate openly after that escalation, scrutiny is likely to shift from the criminals themselves to the governance model of the platform hosting them.

That is why this report stands out. It is not just another cybercrime story. It is evidence of a widening gap between the visibility of large-scale online criminal infrastructure and the willingness, or ability, of major platforms to remove it when the facts are already on the table.

This article is based on reporting by Wired. Read the original article.