Chinese-language networks operating on Telegram have become the backbone of the world’s largest illicit crypto economy. 

These groups have surpassed the dark web in fusing scams, AI-driven deception, and money laundering into a single, industrial system.

Telegram Markets Now Dwarf Historical Dark Web Giants

The scale is unprecedented. Elliptic data shows Huione Guarantee, later rebranded as Haowang Guarantee, processed $27 billion between 2021 and 2025. 

That figure exceeds every major dark web market in history.

Over recent years, we've supplied @okx with crypto threat intelligence via multiple channels, and their compliance progress is notable.

Data shows a significant decrease in risky USDT deposits from Huione&Tudou Guarantee.

We will continue monitoring this. @star_okx pic.twitter.com/f7zHpzra8j

— Bitrace (@Bitrace_team) October 15, 2025

After Telegram banned Huione in May, activity migrated. Two markets now dominate:

• Tudou Guarantee: roughly $1.1 billion per month
  
• Xinbi Guarantee: roughly $850 million per month

Combined monthly volume now surpasses what AlphaBay processed over its entire lifetime.

Why Telegram Replaced the Dark Web

Telegram offers public channels, escrow-like systems, and instant global reach. Users need no Tor browser or technical knowledge.

Markets recreate classic darknet features:

• Vendor reputation systems
  
• Escrow and dispute resolution
  
• Stablecoin settlement
  
• Rapid rebranding after bans
  

In practice, Telegram has become a “dark web without friction.”

Be careful ⚠️⚠️⚠️

a FAKE telegram channel is trying to scam Smardex holders

There is NO V3 migration,
DO NOT FALL FOR SUCH SCAM

the official updates can ONLY be received through their website https://t.co/Ghz45GSSnI, their X: @SmarDex and their official TG (its link is in… pic.twitter.com/cESr07yx4e

— Crypto Feras  (@CryptoFeras) November 5, 2025

Crypto Scam Markets Feed a Global Fraud Industry

These markets do not sell drugs or weapons at scale, but they sell scam infrastructure.

The primary customer base is the pig-butchering scam industry. These long-term romance and investment scams generate roughly $10 billion annually from US victims alone, according to federal data.

Operations are concentrated in Southeast Asia. Many rely on trafficked labor held in scam compounds.

Telegram markets provide:

• Money-laundering services
  
• Fake investment platforms
  
• Stolen identities
  
• Telecom and social-engineering tools

The scam economy and the markets grow together.

AI Face-Swap Tools Supercharge Fraud

A key accelerant is artificial intelligence. Chinese-language Telegram groups actively sell:

• Real-time face-swap software
  
• Voice-cloning tools
  
• Deepfake identity kits
  

These tools allow scammers to impersonate real people on video calls. They dramatically increase trust and conversion rates.

Threat analysts describe this as the industrialization of social engineering. Scams now operate with assembly-line efficiency.

Look at this, what appears to be a SCAM site that is fully AI generated.

What is the government doing to stop these? Nothing at all?

All that talent going toward scamming new crypto users… on Twitter, Telegram, etc.

www_youtube_com/@cryptotopstories <– SCAM!!!… pic.twitter.com/HG1w0Lkx3e

— Jae Kwon – "godfather of proof-of-stake" (@jaekwon) November 22, 2025

USDT Is the Financial Backbone

Nearly all transactions settle in Tether (USDT). Unlike decentralized cryptocurrencies, USDT can be frozen. That capability exists but is rarely used at scale.

As a result, the most centralized stablecoin underpins the largest illicit crypto markets ever recorded. This dependency concentrates risk across scams, money laundering, and cross-border fraud.

Telegram has removed major markets before. Each time, replacements emerged within weeks.

Ownership stakes shift between markets. Liquidity follows instantly.

Elliptic tracks roughly 30 Chinese-language Telegram markets today. Together, they move tens of billions of dollars annually, mostly through crypto. 

Enforcement pressure remains fragmented and inconsistent.

Overall, this is no longer a niche cybercrime story.

Public messaging platforms now host global illicit finance at scale. Language-based networks matter more than geography; tools are reshaping fraud economics.

The result is a criminal ecosystem larger than anything the dark web ever produced. And it operates in plain sight.

Without a coordinated platform, stablecoin, and law-enforcement action, this system will keep growing.

The post Chinese Groups Have Transformed Telegram into the Dark Web of Crypto Scams appeared first on BeInCrypto.

A recent report by Kerberus, a Web3 security firm, suggests that human behavior is now the primary risk in Web3.

BeInCrypto spoke with the firm’s CEO, Alex Katz, and CTO, Danor Cohen, to understand why users continue to fall victim to attacks and what they can do to better protect themselves.

Human Error Drives Major Web3 Losses, Kerberus Report Finds 

In its latest report titled “The Human Factor – Real-Time Protection Is the Unsung Layer of Web3 Cybersecurity (2025),” Kerberus revealed that human-focused attacks were the most structurally dangerous vector in Web3.

The report cites data showing that a significant share of industry losses stems from user mistakes. Roughly 44% of crypto thefts in 2024 resulted from the mismanagement of private keys. Another research indicates that human error is involved in approximately 60% of security breaches.

With 820 million active wallets in 2025, the threat landscape is expanding quickly, and everyone remains at risk. Katz told BeInCrypto that bad actors are targeting both newcomers and experienced users, but for very different reasons.

“New users are attractive because they don’t yet understand what ‘normal’ Web3 behavior looks like,” he said

Interestingly, the executive noted that long-time users are becoming increasingly higher-value targets compared to newcomers. According to him, 

“Veteran users interact with far more dApps, sign more transactions, and move larger amounts. That means a single moment of complacency can do far more damage. So the group most at risk today is anyone who assumes they’re not at risk.” 

Cohen added that one of the biggest misconceptions in Web3 is the belief that security failures stem from users not understanding the technology. His analysis points in the opposite direction. People are getting hacked because the system places an unrealistic burden on them.

“Users think, ‘I’m too smart to get drained, I know how wallets work – I’m safe.’ But the threat landscape changes faster than users do. Attackers aren’t trying to outsmart your wallet; they’re trying to outsmart you. And they’re extremely good at it.  What people misunderstand is that Web3 puts an enormous cognitive burden on the individual. Users shouldn’t have to decipher technical signals to stay safe – security must work for them automatically,” he mentioned.

Why Even Smart Web3 Users Keep Getting Drained in 2025

These human-driven risk persists despite record spending on security in 2025. Kerberus’ report stated that crypto-related services and investors lost over $3.1 billion to hacks and scams in the first half of the year. This is already more than the total for all of 2024. 

That number includes the historic Bybit breach. Excluding this, human-targeted attacks such as phishing and social engineering still accounted for $600 million. This represented 37% of the remaining $1.64 billion in losses.

The report noted that these attacks scale with growing adoption and bypass technical defenses entirely. This makes it difficult for traditional security models to prevent them.

While companies invest heavily in audits, monitoring, and code reviews, attackers increasingly exploit users directly at the transaction level. But what makes humans so vulnerable to these attacks?

“Humans are vulnerable because every scam is designed to exploit natural psychological shortcuts — urgency, authority, familiarity, fear of missing out, or comfort with routine. These are not flaws; they’re the same instincts that allow us to function in everyday life. Technology alone can’t change human psychology, but it can catch the moment when psychology is being weaponized,” Cohen detailed. 

He emphasized that the strongest form of protection isn’t relying on users to avoid mistakes through education alone, but rather stopping harmful actions in real-time before damage occurs. 

“That’s why real-time detection matters so much. If you can warn a user at the exact moment their trust is being manipulated, you can stop most losses before they occur,” Cohen added.

The executive noted that it’s unrealistic to expect an everyday user to distinguish between a malicious dApp, an airdrop, or a mint page. Modern fraudulent platforms often closely mirror legitimate ones. This makes them nearly indistinguishable.

He added that users can click phishing links repeatedly. They don’t do so out of carelessness, but because the attacks are intentionally crafted to deceive.

Even real-time warnings can sometimes appear to be false positives, highlighting the advanced nature of these scams.

“Users shouldn’t be expected to perform forensic checks. The burden has to shift to tools that analyze intent and behavior in real time,” Cohen suggested.

The report also states that these attacks exploit moments when users are least able to assess threats. It may happen when someone checks their wallet while distracted at work, reacts to an urgent message claiming their account will be frozen, or approves a transaction at the end of a long day when they’re exhausted.

According to the findings, the industry’s response has largely been to add more warnings and verification steps. But this approach often backfires due to “security fatigue.” As users become accustomed to constant alerts—many of which are false alarms that simply slow them down—their ability to make careful decisions diminishes under the continuous cognitive pressure.

3 Actions Users Can Take to Stay Safer in Web3

To reduce real-world losses, Katz disclosed three practices users can adopt. He advised users to:

• Pause before signing: Most compromises occur in under ten seconds. Taking even a brief moment to read the prompt or confirm whether the request aligns with the intended action can prevent a large share of successful attacks.
• Separate high-value assets from everyday activity: Using multiple wallets remains one of the most effective safeguards. He suggested that users should keep their long-term holdings in a cold or low-touch wallet and use a separate wallet for exploration, mints, and dApps. This compartmentalization limits potential damage.
• Rely on real-time transaction protection: Because many threats involve social engineering rather than technical exploits, users benefit from tools that interpret on-chain actions before they’re finalized. This single layer of defense blocks many of the more advanced scams.

The intention, he stressed, is not to turn users into security experts, but to build guardrails that prevent mistakes from turning into financial losses.

The post Human-Targeted Attacks Are Now Web3’s Most Dangerous Threat, Report Finds appeared first on BeInCrypto.