Malefactors are employing AI-based software to circumvent stringent KYC measures on cryptocurrency exchanges, according to a report by security firm Cato Networks.
The tool, named ProKYC, represents a “new level of sophistication” in crypto fraud. It marks a significant advancement over older methods used by cybercriminals to bypass two-factor authentication and KYC.
Instead of purchasing fake IDs, fraudsters use AI-based tools to create entirely new documents and fake videos to pass facial recognition procedures.
ProKYC is specifically designed to work with crypto exchanges and financial companies whose KYC protocols include matching a webcam image with a government document.
In the released video, a user integrates an AI-generated face into an Australian passport template. ProKYC then creates a video and photo of a person to bypass KYC on the Bybit exchange.
Such tools enable malefactors to create new accounts on crypto exchanges, experts noted. ProKYC is available for $629 annually. It is also designed to work on payment platforms like Stripe and Revolut.
Cato Networks’ Chief Security Strategist Itay Maor emphasized that detecting and defending against this new type of fraud is a complex task.
“Creating overly restrictive biometric authentication systems can lead to numerous false positives. On the other hand, weak controls pave the way for fraud,” he noted.
Methods for detecting the use of AI tools exist. Some rely on humans manually identifying unusually high-quality images and videos, as well as inconsistencies in facial movements.
In June, Binance blocked 297 “sybils” in the Megadrop programme. Some users had acquired “a large number of accounts with completed KYC to receive rewards in batches.”