Attackers are using artificial intelligence-based software to bypass strict KYC measures on cryptocurrency exchanges, according to a report from security firm Cato Networks.
A tool called ProKYC shows a “new level of sophistication” in crypto fraud. It represents a significant step up from older methods that cybercriminals used to bypass two-factor authentication and KYC.
Instead of buying fake IDs, scammers are using AI-powered tools to create entirely new documents and fake videos to pass facial recognition.
ProKYC is specifically configured to work with crypto exchanges and financial companies whose KYC protocols include matching a webcam face with a government document.
In the published video, a user integrates an AI-generated face into an Australian passport template. ProKYC then creates a video and photo of the person to bypass KYC on the Bybit crypto exchange.
With such tools, attackers can create new accounts on crypto exchanges, experts noted. ProKYC is available for $629 per year. It is also designed to work on payment platforms such as Stripe and Revolut.
Cato Networks Chief Security Strategist Itai Maor stressed that detecting and protecting against this new type of fraud is a complex task.
"Creating overly restrictive biometric authentication systems can lead to many false positives. On the other hand, weak control is the road to fraud," he noted.
Methods for detecting the use of AI tools exist. Some of them rely on humans manually identifying unusually high-quality images and videos, as well as inconsistencies in facial movements.
As a reminder, Binance banned 297 sybils in the Megadrop program in June. Some users had purchased “a large number of KYC-completed accounts to receive rewards in batches.”