AI Deepfake Tool ProKYC Cracks Crypto Exchange Authentication

Oct. 18, 2024.

In a troubling development for crypto security, the AI-driven ProKYC tool exposes vulnerabilities in identity verification, potentially reshaping the landscape of digital fraud.

About the Writer

Werner

Werner Vermaak, who is based in Cape Town, South Africa, has been a crypto editor and writer since 2017. He previously lived in Asia for 15 years and is passionate about the power of Web3.

Credit: Tesfu Assefa

Two AI tools were showcased last week: Elon Musk unveiled his vision of self-driving cars, space rockets and strange robots for every occasion, and hackers countered with their own tools for creating the new world order. 

Cybersecurity firm Cato Networks has uncovered ProKYC, an AI-powered deepfake tool sold on criminal forums that bypasses the Know Your Customer (KYC) checks on cryptocurrency exchanges. 

This AI software represents a new leap in fraudsters’ ability to create fake identities, potentially undermining a key security measure in centralized crypto exchanges. This comes after five years of close collaboration between crypto exchanges and the authorities. The exchanges have been forced to crack down on anonymity, after U.S. authorities jailed exchange bosses like Changpeng “CZ” Zhao (Binance) and Arthur Hayes (BitMex) for failing to follow Anti-Money Laundering (AML) regulations. These AI advances are therefore bad news for parties trying to fight terrorism funding (TF) and actors tied to blacklisted countries, like North Korea’s state-funded Lazarus hacker group.

How ProKYC’s deepfake AI KYC works

ProKYC uses advanced AI to generate two crucial elements:

1. Fake government-issued ID documents (e.g., passports)

2. Deepfake videos matching these fake IDs

A counterfeit passport for sale on the dark web (Credit: Cato Networks)

In a demonstration, ProKYC created a fake Australian passport and an accompanying deepfake video. This synthetic identity successfully passed the KYC protocols of Bybit, one of the world’s largest cryptocurrency exchanges.

The tool casually offers a comprehensive package including:

  • Camera emulation
  • Virtual emulator
  • Facial animation
  • Fingerprint generation
  • Verification photo creation

A counterfeit driver’s license for sale on the dark web (Credit: Cato Networks)

Priced at $629 for an annual subscription, ProKYC claims to work on major platforms beyond crypto exchanges, including payment processors like Stripe and Revolut.

The role of KYC in Crypto

While most crypto folks hate it and the doxxing that it brings, KYC processes serve several critical functions in the cryptocurrency ecosystem:

  1. Fraud Prevention: Verifying user identities reduces the risk of fraudulent activities.
  2. Anti-Money Laundering (AML): KYC helps track the sources of funds, making it harder for criminals to launder dirty money through crypto platforms.
  3. Regulatory Compliance: Most countries are mandated by the Financial Action Task Force (FATF) to require crypto exchanges to implement KYC measures. It’s part of operating legally. If these countries don’t comply, they can be graylisted or blacklisted, opening them up for sanctions. 
  4. Trust Building: Robust KYC processes enhance the credibility of exchanges for both users and regulators. It shows proper due diligence has been done by the exchanges, and users have less fear that an exchange will get shut down or abscond with their funds.

Typical KYC procedures can be tiresome, but have improved over the years to become more intuitive. Now they usually involve submitting government-issued identification documents and often include facial recognition checks. 

ProKYC threatens to render these safeguards obsolete and throw the current best practices out the window. This could have a catastrophic effect on the crypto sector, with regulators in the USA seemingly always seeking any reason to tie it down with heavy legislation such as the Crypto Travel Rule, and the covert Operation Choke Point 2.0.

The Broader Threat Landscape

The emergence of tools like ProKYC has far-reaching implications:

1. New Account Fraud (NAF): With ProKYC, people can create fake but verified accounts, and use them to commit various forms of fraud. These accounts can launder dirty money and be used as ‘mule accounts’ to make transfers around sanctions.

2. Financial Losses: According to AARP, new account fraud resulted in over $5.3 billion in losses in 2023, up from $3.9 billion in 2022. Tools like ProKYC could exacerbate this trend.

3. Challenge to Security Measures: The sophistication of ProKYC poses a significant challenge to existing security protocols, potentially necessitating the development of new, more robust verification methods.

4. Wider Financial Sector Impact: Tools like ProKYC currently target crypto exchanges, but similar tools could potentially be used to bypass KYC measures in traditional financial institutions.

Detection and Prevention Challenges

Identifying and thwarting fraud attempts using tools like ProKYC presents a complex challenge. Etay Maor, Chief Security Strategist at Cato Networks, points out the delicate balance required: “Creating biometric authentication systems that are super restrictive can result in many false-positive alerts. On the other hand, lax controls can result in fraud.”

Potential detection methods include:

  1. Manual Verification: Human oversight to identify unusually high-quality images or videos.
  2. AI-Powered Analysis: Developing AI systems to detect inconsistencies in facial movements or image quality that might be imperceptible to the human eye.
  3. Multi-Layered Authentication: Implementing additional verification steps beyond document and facial recognition checks.

The effectiveness of these methods remains to be seen, as the AI technology behind deepfakes continues to advance rapidly.

Industry Response: Binance Founder CZ’s Warning

The threat posed by AI-generated deepfakes has drawn the attention of prominent figures in the cryptocurrency world. CZ Zhao, released last week from prison, has issued a stark warning about the proliferation of AI-generated deepfake videos promoting cryptocurrency scams on social media.

Zhao cautioned on X (formerly Twitter):

There are deepfake videos of me on other social media platforms. Please beware!

Changpeng Zhao, former CEO and co-founder of Binance

CZ’s warning comes at a time when several high-profile individuals, including political figures and business leaders, have been impersonated using deepfake technology to promote fraudulent crypto schemes.

The use of deepfakes in crypto scams typically follows a familiar pattern: scammers create videos of well-known figures seemingly endorsing get-rich-quick crypto schemes, luring unsuspecting victims into transferring funds to specific wallet addresses. The promised rewards, of course, never materialize.

Of course, anyone that’s been using Crypto Twitter or Crypto YouTube over the last 18 months will be well familiar with them by now. Usually they come with some kind of countdown mechanism to pressure viewers into making a FOMO-induced mistake. 

Legal and Regulatory Implications

The rise of tools like ProKYC poses significant challenges for regulators and law enforcement agencies. In the USA, identity fraud can carry severe penalties, including up to 15 years imprisonment. However, the borderless nature of cryptocurrency and the anonymity provided by advanced AI tools make enforcement particularly challenging.

Regulators may need to reassess current KYC requirements and work closely with cryptocurrency exchanges to develop more robust verification methods. This could potentially lead to stricter regulations and increased compliance costs for exchanges.

Credit: Tesfu Assefa

Can AI KYC Crackers Be Stopped? 

As AI technology continues to mutate, both crypto exchanges and users must remain vigilant and adaptable. For exchanges, this may mean investing in more sophisticated AI-driven security measures and potentially rethinking traditional KYC processes. Some possible strategies include:

  1. Behavioral Analysis: Monitoring user behavior patterns to detect anomalies that might indicate fraudulent activity.
  2. Blockchain Analysis: Leveraging the transparent nature of blockchain technology to track and analyze transaction patterns.
  3. Continuous Authentication: Implementing ongoing verification processes throughout a user’s account lifecycle, rather than relying solely on initial KYC checks.

For users, awareness of these threats and a healthy skepticism towards too-good-to-be-true offers remain crucial. Education about the risks of deepfake scams and how to identify them will be increasingly important.

Collaboration between technology experts, security professionals, and regulators will be essential in developing robust defenses against these mushrooming threats. 
As the battle between security measures and fraudulent techniques continues, the integrity and legality of the cryptocurrency ecosystem – and even the legality of certain artificial intelligence methods – can come under closer scrutiny, especially as U.S. authorities are devising AI safety frameworks. Pro-anonymity crypto users might welcome this latest crypto malware, but the authorities won’t. ProKYC presents a new threat to crypto’s legality that must be treated with the utmost urgency.


One thought on “AI Deepfake Tool ProKYC Cracks Crypto Exchange Authentication”

  1. Generative AI will flood the internet and this is just the surface. The real deepfake is on its way.
