Tudou Guarantee Successors Expand Cybercrime Marketplace  | eSecurity Planet

Tudou Guarantee Successors Expand Cybercrime Marketplace 

Flare researchers found that Tudou Guarantee’s shutdown fueled the rapid rise of competing cybercrime marketplaces.

Written By
Ken Underhill
Ken Underhill
Jul 9, 2026
4 minute read
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The shutdown of Tudou Guarantee in early 2026 marked the end of one of the largest cybercrime escrow marketplaces in operation. 

However, according to research from Flare, it did not disrupt the broader cybercrime ecosystem. 

Instead, multiple successor platforms quickly emerged to compete for Tudou’s vendors, infrastructure, and customer base, highlighting how resilient these illicit marketplaces have become.  

“When one criminal marketplace closes, it doesn’t mean that the operation has stopped,” said Chris d’Eon, Threat Intelligence Researcher at Flare, in an email to eSecurityPlanet. 

He explained, “The vendors, clients, and payment systems migrate to the next trusted platform.” 

“Chris added, “In the case of Tudou, it shows how fraud networks can reorganize on the fly around other communication channels and escrow systems.”

Key takeaways

  • Tudou Guarantee’s shutdown did not really disrupt the cybercrime ecosystem, as multiple successor marketplaces quickly emerged to fill the void.
  • Tiancheng, Ouyi, and Timi now compete independently, with Tiancheng inheriting much of Tudou’s core infrastructure.
  • Successor marketplaces continue to provide the tools and services that enable phishing, account takeovers, money laundering, and other fraud operations.
  • The fragmentation of cybercrime marketplaces makes fraud infrastructure more difficult for defenders to track and monitor.
  • Monitoring successor platforms can provide valuable threat intelligence on emerging fraud infrastructure and cybercriminal activity.

The rise and fall of the $12 billion Tudou Guarantee marketplace 

Tudou Guarantee processed an estimated $12 billion in lifetime transactions, serving as a major escrow platform for cybercriminals buying and selling stolen data, money laundering services, fraud tools, and other illicit offerings. 

It had previously benefited from the 2025 disruption of Huione Guarantee, another major cybercrime marketplace.

Rather than disappearing entirely, Tudou left behind valuable digital assets, including Telegram channels with hundreds of thousands of subscribers, vendor relationships, premium usernames, and an established customer base. 

Those assets quickly became the focus of competing successor platforms.

Advertisement

Three cybercrime marketplaces competed for Tudou’s assets 

Flare’s research found that Ouyi Guarantee, Tiancheng Guarantee, and Timi Guarantee each publicly claimed to have acquired Tudou’s infrastructure after its shutdown. 

While those announcements appeared similar, blockchain analysis and Telegram infrastructure indicate the three platforms operate independently with separate administrators, wallet clusters, and escrow addresses.

Among them, Tiancheng appears to have inherited the most valuable portions of Tudou’s operation. 

Researchers found it took control of Tudou’s primary Telegram channels, retaining more than 570,000 members, while also acquiring the Feibo gambling brand and additional customer service infrastructure.

Ouyi secured several premium Telegram usernames and branding assets but appears to have obtained fewer of Tudou’s core operational resources. 

Timi largely competed for displaced vendors by encouraging them to re-register under its platform rather than acquiring Tudou’s existing infrastructure.

The result is a fragmented marketplace where multiple competitors now serve many of the same vendors.

Cybercrime supply chains continue after Tudou’s shutdown 

Although the platforms compete with one another, Flare found they offer remarkably similar services that support global fraud operations.

Their marketplaces advertise services including:

  • Cryptocurrency laundering and USDT cash-out services
  • Stolen data sales and identity information
  • SIM cards and identity verification services
  • Remote-access malware and fraud tooling
  • Bulletproof hosting and infrastructure
  • Deepfake creation and chat manipulation services
  • Account sales, rentals, and recovery services
  • Payment processing and money mule recruitment

These marketplaces enable criminal organizations to obtain the tools and services needed for phishing, account takeovers, investment scams, pig-butchering, and other financial fraud. 

Advertisement

Fragmented cybercrime marketplaces create new intelligence challenges 

One of the report’s notable findings is that shutting down a major marketplace does not necessarily eliminate the underlying ecosystem.

Following Huione’s disruption in 2025, more than 30 successor marketplaces reportedly competed for displaced vendors. 

Tudou itself became one of the largest beneficiaries of that migration before eventually shutting down and triggering another wave of competition.

Researchers found no evidence that Ouyi, Tiancheng, or Timi share cryptocurrency infrastructure despite pursuing many of the same vendors. 

Instead, they represent separate criminal operations competing for market share while continuing to support many of the same illicit services.

This fragmentation makes tracking cybercriminal infrastructure more difficult because activity becomes distributed across multiple marketplaces rather than concentrated within a single dominant platform.

What security teams should monitor after Tudou’s shutdown 

Flare notes that guarantee marketplaces represent more than underground forums — they function as the commercial backbone supporting large portions of today’s fraud ecosystem.

Monitoring successor platforms can provide early visibility into emerging fraud services, malware, money laundering, and stolen identity markets targeting Western organizations. 

The report also highlights Tiancheng’s inherited Telegram channels and the publicly advertised cryptocurrency deposit addresses used by all three platforms as valuable sources of threat intelligence for organizations tracking fraud infrastructure.

While Tudou Guarantee no longer operates, its shutdown demonstrates that cybercrime marketplaces continue to evolve rather than disappear.

As one platform closes, competing operators rapidly absorb vendors, customers, and infrastructure, allowing the broader cybercrime economy to continue operating at scale.

Ken Underhill

Ken Underhill is an award-winning cybersecurity professional, bestselling author, and technology leader with more than 25 years of experience in IT, cybersecurity, and risk management. His career spans network administration, incident response, penetration testing, and entrepreneurship, giving him firsthand experience helping organizations reduce risk and ensure compliance. Ken is also a former nurse and combat medic and he uses this background to break down complex cybersecurity topics into digestible content for a broad, global audience. A multi-exit cybersecurity founder, Ken has spent decades helping organizations strengthen their security posture, manage risk, and navigate complex technology challenges. His expertise includes overall cybersecurity strategy, cloud security, incident response, risk management, security awareness, and emerging threats affecting businesses. Ken is also an advisor to multiple startups on AI security and risk. In addition to his hands-on industry experience, Ken is a cybersecurity newsletter writer for TechnologyAdvice, where he covers cybersecurity news/trends and actionable best practices for business and IT professionals. Ken is also an educator with over 2 million people going through his courses over the years. He has won the Global Cybersecurity 40 under 40 (2x winner), the Cyber Champion award from Women's Society of Cyberjutsu, and the 2019 SC Media award for Outstanding Educator. Ken is also a volunteer with organizations like Minorities in Cybersecurity, Black Girls Hack, and the Whole Cyber Human Initiative, which helps veterans transition into security careers. Ken holds a Master of Science in Cybersecurity and Information Assurance from Western Governors University and a Bachelor of Science in Information Systems, with a major in Cybersecurity Management, from Strayer University. His certifications include the Certificate of Cloud Security Knowledge (CCSK), Certified Ethical Hacker (CEH), and Computer Hacking Forensic Investigator (CHFI) and he is a former adjunct professor of Digital Forensics. Ken also had a streaming cybersecurity television show from 2020-2022 that reached over 200K monthly viewers around the world. His work and expertise have been featured in Forbes, Reader's Digest, Medium, TechRepublic, Fox, NBC, CBS, Dark Reading, MSN Money, and other leading publications and media outlets, making him a trusted voice on cybersecurity, election security, and privacy.

eSecurity Planet Logo

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.