The KYC (Know Your Customer) identity verification procedure is one of the most important safeguards of cryptocurrency exchanges against money laundering. However, it turns out that artificial intelligence bypasses KYC and does it on an unprecedented scale. Although law enforcement agencies have decided to put a crusade on such practices, the situation is very complex. The key to this whole matter is a platform with a strange-sounding name called “OnlyFake”.
Artificial intelligence bypasses KYC – how is it possible?
Generative artificial intelligence can be an extremely practical tool. However, how to use these opportunities depends solely on the person using AI tools. It's a bit like using a hammer to build a house, hurt someone or split your finger. Cybercriminals are constantly exploring the possibilities of AI, and it looks like they have found another case where AI will become the perfect pick. This is about verifying identity on cryptocurrency exchanges.
The KYC (Know Your Customer) verification method is an international standard used by all cryptocurrency exchanges. The genesis of its creation was the effective prevention of money laundering using digital assets. It is worth noting that the KYC procedure has been very effective, especially considering recent years. So far, the only way to break it was to buy fake documents on the dark web. The breakdown of KYC security was helped by artificial intelligence, which generates documents so well reproduced that they allow for positive KYC verification.
OnlyFake platform, i.e. AI in the service of cybercriminals
Artificial intelligence cares about KYC, which is perfectly confirmed by the services of the OnlyFake platform. On the website, you can generate realistic-looking driving licenses and passports from as many as 26 different countries around the world using artificial intelligence. The cost of creating such a counterfeit document is ridiculously low – only $15. Interestingly, the website itself does not admit to producing fake documents, as it logically emphasizes that it is illegal. According to the platform, the AI only creates “templates that are intended exclusively for use in films, TV shows and graphics.”
Interestingly, the documents are forged with such precision that they are indistinguishable from the originals. The journalists of 404 Media decided to find out that artificial intelligence circumvents KYC using perfectly copied documents. As part of the test, they created fake documents aimed at positive verification on one of the most popular cryptocurrency exchanges. To the journalists' surprise, the documents generated by AI were successfully verified on the OKX exchange. There are also tests of users on the Internet who create realistic-looking documents, such as passports or driving licenses, whose owner is John Wick – an action hero.
Are fakes created with the help of popular AI tools?
Forging documents requires something much more controllable than commonly available AI tools such as ChatuGPT, Gemini (the former bard of AI), or Midjourney. It is necessary to use two neural networks, the first of which is optimized for cheating, and the second one is designed to detect such fakes. Networks configured in this way train and evolve each other, thanks to which the fakes created become more and more perfect. Theoretically, it is also possible to train a machine learning model on a large database containing real document scans. This means that artificial intelligence bypasses KYC, but must be properly trained to do so.
Will law enforcement authorities be able to restore the effectiveness of KYC verification?
OnlyFake has caused a major breach in security procedures, proving that artificial intelligence bypasses KYC and does it extremely effectively. On the other hand, the activity of the platform turns out to be very problematic for its users themselves, who are “exposed” on a platter. Law enforcement agencies can use not only the theoretical database of people who have already used the platform, but also the official OnlyFake channel on Telegram. There are nearly a thousand people gathered on the above-mentioned Telegram channel and their phone numbers can be used to target them.
It is worth adding here that the OnlyFake platform accepts payments in cryptocurrencies, but not in anonymous Monero. What does it mean? Well, users purchasing counterfeit IDs can be tracked using transactions on the blockchain. This only shows that the platform is focused primarily on making quick money.
The pessimistic conclusion drawn from the activities of this platform is the fact that there may soon be thousands of its clones. This puts KYC verification into question, so those responsible for cybersecurity must take decisive action. As a reminder, in Poland, using a counterfeit identity document is punishable by up to 5 years in prison.