Xinbi Guarantee operates as a behavioral network — not a single wallet or protocol — facilitating crypto-enabled fraud, money laundering, and illicit service infrastructure at institutional scale.
Xinbi functions as a trust and escrow layer between criminal actors. Its operational stack relies on Telegram for coordination and stablecoins for settlement.
| Step | Phase | Description | Chain |
|---|---|---|---|
| 01 | Buyer Entry | Scammer or buyer enters a Telegram channel to request services — fraud kits, stolen data, identity packages, or laundering capacity. | Off-chain |
| 02 | Escrow Lock | Buyer sends USDT to a guarantee wallet. The intermediary holds funds in custody pending confirmed service delivery. | TRC-20 |
| 03 | Delivery | Vendor delivers the requested service via Telegram. Confirmation is provided by the buyer before release is authorized. | Off-chain |
| 04 | Release | Guarantee wallet releases funds to vendor wallet. Typically within minutes of confirmation. No dispute mechanism exists. | TRC-20 / ERC-20 |
| 05 | Laundering | Vendor funds enter rapid fan-out sequences — 2–5 hops across mixers, bridges, and exchange deposit addresses within hours. | Multi-chain |
The diagram below illustrates a representative Xinbi transaction cluster: inbound aggregation from buyers, escrow custody, vendor disbursement, and launderer dispersion.
Fig. 1 — Representative Xinbi guarantee network topology. Buyers (left) → Guarantee escrow (center) → Vendor wallets → Laundering infrastructure (right).
Xinbi exposure is not identified by a single flagged address. Effective detection requires recognizing the behavioral combination across time and counterparty relationships.
| Severity | Pattern | Description | Observable Signals | Activity |
|---|---|---|---|---|
| Critical | Rapid Fan-Out |
Funds split across 3–8 wallets within minutes of escrow release. Designed to defeat transaction graph tracing and attribution. | 2–5 hops in <60 minutes Fan-out graph topology Simultaneous outbound txns |
|
| High | Escrow Aggregation |
Multiple unrelated wallets sending USDT to a single address in a short window. Classic inbound escrow behavior indicating a guarantee hub. | High inbound wallet diversity Holding periods <4 hours Rapid redistribution post-hold |
|
| High | Fresh Wallet Usage |
Newly created wallets with no prior transaction history suddenly receiving large-value stablecoin transfers. A common Xinbi rotation tactic. | Wallet age <7 days Sudden high-value inbound No historical counterparties |
|
| Medium | Stablecoin Concentration |
USDT on TRON (TRC-20) and Ethereum dominates settlement. Low volatility and low fees preferred for high-frequency illicit transactions. | USDT-only transaction flows No DeFi protocol interaction TRC-20 network preference |
|
| Observable | Dense Cluster Graphs |
Vendors interact with many buyers; buyers interact with multiple vendors. High graph centrality around Xinbi hub wallets creates detectable cluster patterns. | High graph centrality scores Repeated cross-entity flows Many-to-many relationships |
Most compliance infrastructure was not designed for behavioral networks. These are the three structural gaps Xinbi exploits.
Select the indicators present in your environment. The tool calculates a weighted exposure score and recommended response level in real time.
Request the complete transaction analysis report: wallet cluster maps, sample fund flows on TRON and Ethereum, and an actionable detection framework your team can implement this week.
