Crypto fraudsters use black market identities to avoid detection: CertiK

Crypto fraudsters use black market identities to avoid detection: CertiK

Crypto fraudsters have gained access to a “cheap and easy” black market of individuals willing to put a name and face to fraudulent projects – all for the low price of $8, blockchain security firm CertiK has revealed.

These individuals, described by CertiK as “Professional KYC actors” will in some cases voluntarily become the verified face of a crypto project, gaining the trust of the crypto community before an “insider hack or exit scam.”

Other uses of these KYC actors include using their identities to open bank or exchange accounts on behalf of the bad actors.

According to a Nov. 17 blog post, CertiK analysts were able to find over 20 underground marketplaces on Telegram, Discord, mobile apps, and gaming websites to recruit KYC actors for as little as $8 for simple “game jobs” such as fulfilling KYC- the requirements “to open a bank or exchange account from a developing country.”

More expensive jobs involve the KYC actor putting his face and name on a fraudulent project. CertiK noted that most of the actors are apparently being exploited as they are based in developing countries “with an above-average concentration in Southeast Asia” and paid around $20 or $30 per role.

Meanwhile, more complex requirements or verification processes can fetch an even higher asking price, especially if the KYC actors are residents of countries considered a low money laundering risk.

Some roles paid up to $500 a week for an actor to play the role of CEO of a nefarious project, but the KYC actor market was “marginal” compared to the market for already KYCed bank and crypto exchange accounts according to CertiK.

See also  Hackers gained access to O365 email accounts using OAuth applications "certified" by Microsoft

Crypto to fiat – or vice versa – conversions were also cited as a significant percentage of the transactions seen on these marketplaces, with CertiK estimating that more than 500,000 members ranging in market sizes from 4,000 to 300,000 were buyers and sellers on these black markets.

Related: Scary statistics: $3 billion stolen in 2022 from “Hacktober”, doubling in 2021

CertiK warned that over 40 websites that claim to vet crypto projects and offer “KYC badges” are “worthless” as the services are “too shallow to detect fraud or simply too amateurish to detect insider threats.”

They added that the teams behind these sites “lack the necessary ‘research methodology, training and experience'”, meaning these brands are being exploited by fraudsters to mislead the public and investors.

That said, the industry has been working hard and gaining ground in the fight against crypto scammers. A tool released in October by traditional finance giant Mastercard combines artificial intelligence and blockchain data to find and prevent fraud.

Contrary to popular belief, the open nature of blockchain transactions means that it is more difficult for fraudsters to hide the movement of funds. Another recent example has been the work of French authorities using chain analysis to find and charge five people who stole non-fungible tokens (NFTs) through a phishing scam.