New research by the cybersecurity reporters at 404 Media has uncovered a new tool named OnlyFakes that reliably generates fake IDs capable of bypassing KYC providersā checks with relative ease.
The fake documents can be generated with or without a background, which would suggest it is a picture that was just taken by a user going through an ID verification process. Allegedly, several hundred fake documents can be produced at once using Excel batches.
According to the website, its services may only be used as props in films and so on, āexpressly forbiddingā the use of the platform in order to pass KYC checks. Not long after the article exposing the website was published, the siteās founder ā who goes by the nom-de-guerre John Wick ā āremindedā his community of this stipulation.
However, feedback posted on associated telegram groups suggests that the owner of the platform is well aware of what it is being used for.
John Wick also stated on Telegram that he is open to buying scans of real IDs from users for $100 each in order to improve the platform, prioritizing US and EU IDs.
The use of third parties submitting their own documents for KYC purposes has unfortunately been ongoing for years, hiring people in developing countries for as little as $10 to aid scammers in gaining access to crypto platforms.
The new tool, however, can reliably provide access to a swath of fake documents from low-risk countries. Users can upload their own pictures or choose from a gallery provided by the site. Stock backgrounds are also provided. OnlyFakes also removes the EXIF data ā which includes the time, location, and device used to create the image ā of the original photos and replaces them to help avoid detection.
According to users of the service, platforms like Airbnb, Revolut, Wise, and Payoneer have all been convinced of the documentās authenticity. Crypto exchanges Huobi, Coinbase, Binance, Kraken, and OKX have also been allegedly breached using these fake documents.
OKX, which was recently targeted by a pig butchering scam that may have seen nearly $40 million stolen from users, employs Jumio for KYC purposes.
When contacted by Mr Cox, Jumio CTO Stuart Wells stated that his platform uses a range of tools to provide great KYC.
When asked about the recent breach, Wells stated that he could not comment on OKXās procedures.
According to the OnlyFakes platform, AI is used to produce the images. However, this claim is disputed by cybersecurity experts since AI currently has the tendency to mess up text that should be absolutely crisp and unambiguous on documents.
The images produced are also remarkably clear of any sign of āhallucinations,ā artifacts that appear when an AI is unsure of how to render an unknown object.
The post New Platform Enables Fraudulent KYC for Only $15, Targets Crypto Platforms: Report appeared first on CryptoPotato.
The fake documents can be generated with or without a background, which would suggest it is a picture that was just taken by a user going through an ID verification process. Allegedly, several hundred fake documents can be produced at once using Excel batches.
OnlyFakes Claims to Be Against Illegal Activity
According to the website, its services may only be used as props in films and so on, āexpressly forbiddingā the use of the platform in order to pass KYC checks. Not long after the article exposing the website was published, the siteās founder ā who goes by the nom-de-guerre John Wick ā āremindedā his community of this stipulation.
However, feedback posted on associated telegram groups suggests that the owner of the platform is well aware of what it is being used for.
John Wick also stated on Telegram that he is open to buying scans of real IDs from users for $100 each in order to improve the platform, prioritizing US and EU IDs.
The use of third parties submitting their own documents for KYC purposes has unfortunately been ongoing for years, hiring people in developing countries for as little as $10 to aid scammers in gaining access to crypto platforms.
Remarkably Robust
The new tool, however, can reliably provide access to a swath of fake documents from low-risk countries. Users can upload their own pictures or choose from a gallery provided by the site. Stock backgrounds are also provided. OnlyFakes also removes the EXIF data ā which includes the time, location, and device used to create the image ā of the original photos and replaces them to help avoid detection.
According to users of the service, platforms like Airbnb, Revolut, Wise, and Payoneer have all been convinced of the documentās authenticity. Crypto exchanges Huobi, Coinbase, Binance, Kraken, and OKX have also been allegedly breached using these fake documents.
Hereās the process of me successfully bypassing the identity verification on OKX, a cryptocurrency exchange Iāve noticed is being used by criminals
ā Asks for passport
ā I took photo of my fake British passport I made earlier (didnāt need in hand)https://t.co/hCjHWbKJPf pic.twitter.com/69PvbincUP
ā Joseph Cox (@josephfcox) February 5, 2024
OKX, which was recently targeted by a pig butchering scam that may have seen nearly $40 million stolen from users, employs Jumio for KYC purposes.
When contacted by Mr Cox, Jumio CTO Stuart Wells stated that his platform uses a range of tools to provide great KYC.
āOur advanced ID verification process uses mobile or webcam document scanning tools that allow security teams to cross-check against trusted sources and mitigate the number of fake profiles and malicious activity. Ultimately, these added identity verification measures better protect users by deterring fraud attempts right from the user onboarding stage.ā
When asked about the recent breach, Wells stated that he could not comment on OKXās procedures.
AI Claim May Be False
According to the OnlyFakes platform, AI is used to produce the images. However, this claim is disputed by cybersecurity experts since AI currently has the tendency to mess up text that should be absolutely crisp and unambiguous on documents.
The images produced are also remarkably clear of any sign of āhallucinations,ā artifacts that appear when an AI is unsure of how to render an unknown object.
The post New Platform Enables Fraudulent KYC for Only $15, Targets Crypto Platforms: Report appeared first on CryptoPotato.