UK Sanctions Xinbi Marketplace Over $19B in Scam Laundering

The United Kingdom has sanctioned Xinbi, a Chinese-language Telegram marketplace that processed over $19.9 billion in cryptocurrency transactions for scam networks across Southeast Asia. The March 26 action marks the first time any government has targeted the illicit platform.

Who Got Sanctioned

Britain's Foreign, Commonwealth and Development Office (FCDO) imposed sanctions on three entities and multiple individuals connected to large-scale fraud operations:

• Xinbi — A Telegram-based marketplace selling stolen personal data, satellite internet equipment, and cryptocurrency laundering services to scam centers
• #8 Park — Cambodia's largest forced-labor scam compound, capable of housing 20,000 trafficked workers
• Legend Innovation Co — The operator of #8 Park, connected to the broader Prince Group criminal network

The sanctions freeze UK-based assets and prohibit British financial institutions from processing transactions for these entities. According to The Block, several London properties linked to the network will also be frozen, including a £9 million penthouse near Westminster.

The $19.9 Billion Operation

Between 2021 and 2025, Xinbi facilitated cryptocurrency transactions totaling $19.9 billion, according to blockchain analytics firm Chainalysis. The marketplace operated as a one-stop shop for criminal enterprises, offering:

• Stolen personal databases used to target victims with customized scams
• Cryptocurrency exchange services for converting stolen funds
• Unlicensed USDT trading to move money across borders
• Money laundering for North Korean threat actors involved in crypto heists

The platform rose to prominence after Telegram blocked similar marketplace Huione Guarantee in 2025, and the US Treasury designated the Huione Group as a primary money laundering concern.

Pig Butchering at Industrial Scale

The sanctions specifically target infrastructure supporting "pig butchering" scams — a form of social engineering fraud where criminals pose as romantic interests or investment advisors on dating apps and social media. Victims are gradually lured into fraudulent cryptocurrency investment schemes before their funds are stolen.

These operations require trafficking victims themselves. The #8 Park compound in Cambodia operated as what authorities describe as a forced-labor camp surrounded by high walls and barbed wire. Workers, many of whom were deceived into traveling to Cambodia with promises of legitimate employment, were coerced into running scams against people worldwide.

"We will not allow British people to become victims of these dreadful scams or tolerate the awful human rights abuses perpetrated in these scam centres," said Stephen Doughty, UK Minister of State for Europe, North America and Overseas Territories.

The Chen Zhi Connection

The sanctions come two months after a major blow to the network's leadership. Chen Zhi, founder of the Prince Group conglomerate that controls multiple scam compounds, was arrested in Cambodia on January 6, 2026, and extradited to China. The US Department of Justice had indicted Chen Zhi in October 2025 on wire fraud and money laundering charges.

The DOJ simultaneously filed a civil forfeiture complaint for 127,271 bitcoin — valued at over $15 billion — marking the largest forfeiture action in US history. Chen Zhi's arrest triggered a mass exodus from several Cambodian scam compounds, with thousands of trafficked workers seeking embassy assistance to return home.

This follows a pattern of coordinated international sanctions targeting cyber-enabled criminal infrastructure. Law enforcement has increasingly focused on disrupting the financial rails that enable cybercrime, as demonstrated by recent sentencing actions against ransomware operators.

North Korean Money Trail

Xinbi's involvement extends beyond romance scams. The platform allegedly helped North Korean hackers launder cryptocurrency stolen in major heists. This mirrors the activities of threat groups like Lazarus and KONNI, which conduct cyber operations to fund North Korea's weapons programs.

North Korea-linked actors have stolen billions in cryptocurrency over the past several years, making illicit marketplaces like Xinbi critical infrastructure for converting stolen assets into usable funds.

Why This Matters

The UK sanctions represent a strategic shift toward targeting the financial infrastructure that enables cybercrime rather than just the attackers themselves. By designating Xinbi, Britain aims to isolate the platform from the legitimate cryptocurrency ecosystem and disrupt its ability to process transactions.

Cryptocurrency theft operations like TorgGrabber, which targets over 700 wallet extensions, rely on marketplaces like Xinbi to monetize stolen assets. Cutting off these laundering channels makes the entire criminal supply chain less profitable.

For organizations, these sanctions serve as a reminder that Know Your Customer (KYC) compliance isn't optional. Financial institutions processing cryptocurrency transactions should implement robust screening against sanctioned entities and monitor for transaction patterns associated with pig butchering schemes.

The UK government signaled that additional sanctions targeting scam infrastructure are likely as international cooperation against these networks intensifies.