Inside the Rise of Dabai Guarantee and the Telegram “Sweeping” Economy

Following the high-profile shutdown of Huione Guarantee in 2025, a new powerhouse has emerged to facilitate global cybercrime: Dabai Guarantee (大白担保). Operating exclusively on Telegram to maintain high operational security, this marketplace acts as a sophisticated escrow and coordination hub for Chinese-speaking syndicates.

Dabai Guarantee isn’t just a chat room; it’s a massive infrastructure consisting of thousands of public and private channels designed to eliminate the “lack of trust” inherent in criminal dealings. The platform uses automated bots and human support agents to match threat actors with specific campaigns.

As noted in the Insikt Group report, “Guarantee marketplaces serve as conduits for Chinese-speaking threat groups with strong presences across multiple countries to coordinate and launch global-scale fraud and cybercriminal campaigns.”

One of the most active facets of this ecosystem is Public Group 301 (@DBTM301). This group specializes in “sweeping”—a term used to describe the illicit purchase of physical goods at retailers or withdrawing cash from ATMs using fraud techniques.

The organizational structure is surprisingly corporate:

• The Boss (“群老板”): The main coordinator who deposits USDT (Tether) into Dabai’s escrow to fund the campaign.
• Sweeping Teams (“扫货队”): Low-level “mules” often posing as tourists in Japan and South Korea.
• Goods Receiving/Inspection Teams: Personnel who collect and verify the illicitly obtained items before the Boss authorizes the release of payment.

A key finding in the report is the evolution of retail fraud through “ghost-tapping.” This involves using near-field communications (NFC) relay tactics to conduct unauthorized transactions. Interestingly, these groups are shifting their focus away from just luxury goods.

“Unlike conventional ghost-tapping campaigns that mainly target luxury businesses, ‘sweeping teams’ typically purchase goods that are less expensive but still considered valuable… likely to avoid detection by law enforcement.”

These items—ranging from women’s cosmetics to tobacco products—are resold in other markets for hard cash.

Cryptocurrency, specifically USDT, remains the lifeblood of these operations. In 2025, stablecoins accounted for 84% of all illicit transaction volume. For Chinese cybercriminals, USDT is the perfect tool: it provides price stability, bypasses strict capital controls, and offers a level of anonymity that traditional banking cannot match.

The siloed nature of these teams makes them incredibly difficult to track. If a “sweeping mule” is arrested, they often have no information about the “Goods Inspection Team” or the “Boss” coordinating from overseas in jurisdictions like Cambodia or Myanmar.

As the global Chinese-speaking criminal diaspora continues to decentralize, marketplaces like Dabai Guarantee are lowering the barrier to entry, allowing criminals without deep technical skills to participate in highly organized, physical fraud campaigns.