A recently unveiled AI-powered deepfake tool, known as ProKYC, has emerged as a sophisticated means for nefarious actors to circumvent high-level Know Your Customer (KYC) protocols on cryptocurrency exchanges. According to a report from cybersecurity firm Cato Networks, this development signifies a troubling escalation in the tactics employed by cybercriminals.
Cato Networks' chief security strategist, Etay Maor, highlighted that the ProKYC tool marks a significant advancement over traditional methods previously used to bypass security measures, such as purchasing forged identity documents from the dark web. Rather than relying on counterfeit documents, the tool allows fraudsters to create entirely new identities using AI technology.
The ProKYC tool is specifically designed to exploit KYC protocols commonly used by financial institutions and cryptocurrency exchanges, which often involve verifying a user's identity through webcam images that must match their government-issued IDs, such as passports or driver’s licenses.
A video demonstration provided by ProKYC showcased the tool’s ability to generate fake ID documents alongside deepfake videos, effectively passing facial recognition challenges used by prominent crypto exchanges. In the video, a user creates an AI-generated face, incorporates it into a template of an Australian passport, and produces a deepfake video of the AI-generated individual. This composite was successfully used to bypass KYC protocols on Bybit, a Dubai-based cryptocurrency exchange.
With tools like ProKYC, cybercriminals can more easily engage in New Account Fraud (NAF), creating multiple accounts on exchanges without detection. The ProKYC website offers a subscription package priced at $629, which includes a camera, virtual emulator, facial animation capabilities, and fingerprint verification systems. Beyond crypto exchanges, the tool claims to also evade KYC measures for payment platforms like Stripe and Revolut.
Maor emphasized the complexity of detecting and safeguarding against this new form of AI-driven fraud. Implementing overly strict biometric authentication systems could lead to a high rate of false positives, while more lenient controls risk allowing fraudulent actors to slip through.
While the challenge of detecting AI-generated identities is significant, Cato Networks points out that there are methods for identifying fraudulent activities. These may involve human analysts scrutinizing unusually high-quality images and videos or detecting inconsistencies in facial movements and image quality.
The ramifications for identity fraud in the United States are severe, with penalties ranging up to 15 years in prison and hefty fines, depending on the crime's nature and extent. The rise of AI tools like ProKYC could make it more challenging for law enforcement to combat identity fraud effectively.
In September, Gen Digital, the parent company of antivirus firms Norton, Avast, and Avira, reported a surge in the use of deepfake AI videos by crypto scammers to lure victims into fraudulent token schemes. The growing prevalence of these tactics underscores the urgent need for enhanced security measures and regulatory frameworks to protect investors in the cryptocurrency space.
The advent of AI-powered tools like ProKYC presents a new frontier in the landscape of cyber fraud, particularly within the cryptocurrency industry. As fraudsters leverage advanced technologies to bypass KYC protocols, exchanges and financial institutions must remain vigilant in adapting their security measures. Ongoing collaboration between cybersecurity firms, regulatory bodies, and technology developers will be crucial in combating this evolving threat.
October 2024, Cryptoniteuae