Cybercriminals are using ProKYC, a $629 AI deepfake kit, to evade KYC on crypto exchanges like Bybit and platforms like Stripe. This tool generates fake IDs, videos, and fingerprints, fueling new account fraud. Learn how firms are fighting back with advanced detection.
New AI Deepfake Tool ProKYC Targets Crypto and Bank KYC Systems

A dangerous new weapon in the cybercrime arsenal, ProKYC, is enabling fraudsters to bypass Know Your Customer (KYC) verification on major cryptocurrency exchanges and financial platforms. Sold on the darknet for an annual subscription of $629, this AI-powered fraud kit generates hyper-realistic deepfakes, including images, videos, fingerprints, and integrated government ID templates, to fool facial recognition and biometric checks.[1][3]

Cybersecurity firm Cato Networks first exposed ProKYC, highlighting its sophistication in targeting platforms like Bybit, Stripe, and Revolut. In a demo video, the tool created an AI-generated face, embedded it into an Australian passport template, and produced accompanying deepfake video and images that successfully passed Bybit's KYC protocols.[3] This "bypass-as-a-service" model lowers the barrier for criminals, allowing New Account Fraud (NAF) at scale.[1][4]

How ProKYC Works: A Breakdown of Its Deadly Features

ProKYC operates through three core AI-driven components, making it a one-stop shop for identity forgery:

- Deepfake Image and Video Generation: Uses advanced machine learning to craft lifelike visuals of non-existent people, mimicking subtle human traits like blinking and smiling to defeat liveness detection.[1][2]
- Fingerprint Synthesis: Produces artificial fingerprints for multi-factor biometric authentication, creating complete fake profiles.[1]
- ID Template Integration: Seamlessly merges deepfakes with real government-issued ID formats, evading photo-ID matching systems.[1][3]

Beyond visuals, related tools incorporate voice cloning for audio verification bypasses and synthetic document creation, sold readily on underground forums.[2][4] Trend Micro's research confirms off-the-shelf deepfake tools like Deepfake Offensive Toolkit (DoT) and Deep-Live-Cam can breach major eKYC providers, signaling that current AI-based KYC is "broken" against pros.[4]

The Rising Tide of Deepfake Fraud in Crypto and Finance

Deepfakes pose an existential threat to eKYC systems, with U.S. FinCEN reporting a spike in synthetic media-related suspicious activities in 2023-2024.[2] Signicat's data shows 42.5% of fraud attempts now use AI, with 29% succeeding.[2] In crypto, this enables money laundering via layered transactions or account takeovers, while banks face synthetic identity fraud blending real and fake data.[5][7]

A chilling real-world example: In early 2025, a finance pro was duped by a deepfake CFO in a video call, authorizing a $25 million USD transfer.[6] As deepfakes evolve, manual reviews fail against hundreds of AI-tested variations.[5]

Fighting Back: AI vs. AI in the KYC Arms Race

Platforms are countering with deepfake detection solutions. Reality Defender uses AI to flag manipulations in video and audio in real-time.[2] KYC-Chain employs multi-layered defenses: image analysis, behavioral biometrics, metadata forensics, and liveness checks.[5]

ComplyCube and Mitek advocate robust eKYC with skin texture analysis and fraud databases.[6][7] Experts recommend mandatory commercial fraud checks and deepfake models, balancing security without excessive false positives that frustrate legit users.[3][4]

Ondato and Microblink highlight pixel-pattern AI detectors outperforming humans.[8][9] As banks invest in "fraud labs," the battle is AI vs. AI—defensive tech must evolve faster than criminal tools.[10]

Implications for Crypto Users and Industry

For crypto traders, ProKYC underscores the need for vigilance: even top exchanges aren't immune. Users should favor platforms with layered biometrics and support regulatory pushes for advanced verification. The darknet sale of such kits democratizes fraud, but proactive defenses like those from Cato and Trend Micro offer hope. Staying informed is key in this escalating cyber threat landscape.