Cointime

Cointime

Download App
iOS & Android

Certik Report: How Developers Are Using KYC To Scam Web3 Communities

Validated Project

CertiK has unveiled an underground ring of KYC actors for hire, used by rogue developers to scam Web3 communities.

Basic KYC verifications are regularly effective at annoying honest retail users, but unfortunately less so at stopping determined criminals from defrauding victims and laundering their stolen funds. Indeed, CertiK’s investigation confirms that criminals have developed several ways to bypass regular verifications, and the existence of professional “KYC actors” illustrates how easy it is to escape accountability. From our conversation with a “KYC actor”, to our deep-dive investigation into their underground world, let’s discover the dark side of the KYC industry, along with best practices for protecting communities and organizations.

A Conversation With a KYC Actor

Among the several tactics used by crypto developers who intend to scam communities and investors, the use of a KYC actor is certainly one of the most fascinating tactics detected and investigated by CertiK. In our context, a KYC actor is an individual specifically hired to KYC on behalf of rogue project owners looking to gain trust in the crypto community prior to an insider hack or an exit scam. In a particular case, after CertiK’s investigators detected and identified a KYC actor, the subject agreed to provide detailed information about the KYC actor process and industry.

According to this actor, it is surprisingly cheap and easy to hire someone to KYC for a fraudulent endeavor. He detailed how he had been posing for fake KYCs for over 3 years, and explained how simple it was for him to pass a regular KYC verification. In addition, he provided proof of transactions for his KYC gigs, as well as links to the specialized marketplaces where he finds his criminal clients. However, the reality of this undercover life is not nearly as glamorous as portrayed by Hollywood. Our interviewee showed us around his humble surroundings, explaining that most KYC actors are based in developing countries and are paid a small amount for each ‘role’, with his earnings amounting to just 20 to 30 USD per deal. This sad situation is unfortunately not surprising as we know that the modern scamming industry has no shame in organizing human trafficking and slavery for their benefit.

KYC Actor Dark Markets

Based on this insider information, our intelligence analysts were able to launch a deep dive investigation into the dark KYC marketplaces to better assess the situation and see what we could learn from it. We thoroughly scanned the activity of over 20 over-the-counter (OTC) underground markets, most of them hosted on Telegram, Discord, as well as some low-requirement phone-based apps, along with job ads placed on gig websites. Sellers and buyers meet on these OTC marketplaces based on their specific transaction requirements, negotiate their price, and usually use an escrow service for the payment. Rogue developers who prepare crypto scams also use these service to recruit KYC actors, but they represent a marginal activity percentage compared to the number of transactions for already-KYCed bank or exchange accounts, as well as direct crypto/fiat currency deals.

The cost of a KYC actor can be as low as 8 USD if the gig requirements are low - for example, bypassing a basic KYC process to open a bank or exchange account from a developing country. The price increases if the KYC actor has to face a more complex verification process, and jumps significantly if the buyer needs an actor who is a national resident of a country that is considered low-risk for money laundering, thus having a lower probability of being flagged or rejected, as well as access to a lot more services. On certain instances, we found some KYC actor roles, such as acting as the CEO of a crypto project, paid up to 500 USD a week. Our explorations show that the global prevalence of these OTC marketplaces is significant, with an above average concentration in South-East Asia and group sizes ranging from 4,000 to 300,000 members. We counted a staggering total of more than 500,000 members who were either buyers or sellers of these underground currency exchanges and fake KYC services.

The Threat of Fake KYC Badges

As observed during our interview and the subsequent investigation into the underground industry, KYC actors are not employed to protect privacy or financial freedom, but very clearly to steal funds from investors. The Web3 industry has understood that the team behind a project can be a major source of operational, reputational and legal risk, and in response, more than 40 websites have popped up offering crypto “KYC badges”, supposedly vetting project teams, with the latest numbers showing these websites have already issued over 2000 badges.

The sad reality is that the majority of these improvised verification services are worthless, because they are either too superficial to detect fraud or simply too amateur to detect insider threats, with the KYC teams missing the necessary background investigation methodology, training and experience. This can lead to very serious consequences, as fraudulent teams can easily bypass their verification process, leverage these unreliable KYC badges to mislead and scam additional investors, and escape accountability for their crimes.

How to Truly Verify a Project Team

Partnering with or investing in a Web3 start-up requires the highest level of due diligence, and the amounts of funds at stake in crypto projects are too high to rely on a simple ID-check and namecheck which can be easily faked today by determined criminals. The only way to truly verify the team behind a project is to conduct a proper, thorough background investigation on each key member and ensure this investigation is carried out by a team of professional, experienced criminal investigators and intelligence analysts.

CertiK has built such a team and process, and their investigative unit has been able to successfully detect human insider threats within project teams several weeks before they conducted insider hacks or exit scams. CertiK’s proprietary set of discrepancy and fraud signals allows for metric based, early threat detection, even with remote employees in developing countries. The scientific methodology used is especially effective in detecting KYC actors, as well as criminal operators hiding behind secondary team-members, in addition to developers attempting to conceal their involvement in previous scams and hacks.

Certik
Comments

All Comments

Recommended for you

  • Caixin: Mainland investors are currently not allowed to participate in the trading of Hong Kong virtual asset spot ETFs

    According to Caixin, the first batch of six virtual asset spot ETFs issued by Boshi International, Huaxia Fund (Hong Kong), and Jiashi International has been officially approved by the Hong Kong Securities Regulatory Commission. The goal is to be listed on April 30, 2024. It should be noted that mainland Chinese investors are currently not able to participate in the trading of these ETFs, despite the fact that they are first issued by Hong Kong companies under the umbrella of Chinese public funds.According to the product list on the Hong Kong Securities Regulatory Commission website, these six virtual asset spot ETFs were officially approved on April 23, 2024. The products are as follows: Jiashi Bitcoin Spot ETF (03439.HK), Jiashi Ethereum Spot ETF (03179.HK), Huaxia Bitcoin ETF (03042.HK), Huaxia Ethereum ETF (03046.HK), Boshi HashKey Bitcoin ETF (03008.HK), and Boshi HashKey Ethereum ETF (03009.HK).

  • Another person involved in the OneCoin scheme was arrested and the US prosecutors have filed a lawsuit against him

    According to court documents submitted by the Southern District of New York, William Morro, a person involved in OneCoin, has been arrested. Prosecutors said Morro lied to banks about the source of funds to conceal the source of funds related to OneCoin. He was involved in transferring $35 million related to OneCoin to an account in Hong Kong and about $6 million to an account in the United States.

  • Samourai Wallet crypto-currency mixing service co-founder arrested for money laundering

    According to The Block, the co-founders of the encrypted coin-mixing service, Samourai Wallet, have been arrested. Prosecutors allege that they laundered $100 million from Silk Road and other illegal markets. On Wednesday, Samourai CEO Keonne Rodriguez and CTO William Lonergan Hill were charged with operating the Samourai wallet.Prosecutors claim that Samourai is an unlicensed money transfer company that participated in "over $2 billion in illegal transactions and provided over $100 million in money laundering transactions for illegal dark web markets, including Silk Road." Rodriguez was arrested on Wednesday morning and will face trial in Pennsylvania.Hill was reportedly arrested in Portugal, and the US is seeking extradition. Prosecutors say that Samourai's network servers and domain name have also been seized, and the app can no longer be downloaded from the US Google Play store. Rodriguez and Hill are charged with money laundering and unlicensed money transmission, with maximum sentences of 20 years and 5 years, respectively.

  • Rune token DOG's transaction volume exceeded 100 BTC within 4 hours of launch

    According to data from Ordinal News forwarded by Runestone founder Leonidas, the Bitcoin symbol token DOG broke through a trading volume of 118.72 BTC (approximately $7,685,101 USD) within 4 hours of trading. The trading volume on three platforms was: Magic Eden on Bitcoin: 45.21 BTC; OKX Wallet: 20.37 BTC; UniSat: 53.14 BTC.

  • NFT lending volume exceeds $2 billion in Q1

    According to a report from CoinGecko, the first quarter trading volume of the lending market using non-fungible tokens (NFTs) as collateral exceeded $2 billion, a 44% increase compared to the fourth quarter of 2023. The lending platform Blend has shown significant dominance in the market, with a monthly loan amount of $562.3 million as of March 2024, occupying nearly 93% of the market share.

  • Grayscale GBTC outflow of $130 million yesterday

    According to data monitored by HODL15Capital, Grayscale's Bitcoin ETF GBTC saw an outflow of 2,000 BTC, worth about $130 million, on April 24th.

  • U.S. House of Representatives: Agreement on stablecoin regulation will soon be reached with the Chairman of the Financial Services Committee

    Maxine Waters, the Democratic leader of the US Financial Services Committee, predicted on Wednesday that she and Chairman Patrick McHenry will soon reach an agreement on stablecoin regulation legislation.

  • InfiniGods, a blockchain game studio, announced that it has received $8 million in Series A funding

    Blockchain game studio InfiniGods announced it has received $8 million in Series A funding, exclusively invested by Pantera Capital.

  • Tevaera Closes $5 Million Funding Round to Create One-Stop Gaming Ecosystem Powered by zkSync's ZK Stack

    Tevaera, a gaming platform powered by zkSync's ZK Stack, has closed a $5 million funding round led by Laser Digital and Nomura Group. The funding will support Tevaera's mission to create a one-stop gaming ecosystem. The project has attracted prominent investors, including Hashkey Capital, Fenbushi Capital, and Crypto.com Capital. Tevaera has also launched a redesigned website and is preparing to introduce two new games and the first decentralized L3 gaming chain on zkSync.

  • CertiK Chief Security Officer: The number of security incidents as of September 2023 has exceeded the total in 2022

    On October 23, at the ETH HK Side Event, a Web3 ecosystem security forum jointly held by CertiK and OKLink in Causeway Bay, Hong Kong, Professor Li Kang, Chief Security Officer of CertiK, shared his views on digital asset security construction. He pointed out that according to CertiK's statistics, the number of security incidents as of September 2023 has exceeded the total number in 2022. Hacking attacks and fraudulent behavior are still important threats, seriously hindering the development of the Web3 industry. Li Kang also mentioned the revolutionary feature of transparency in the Web3 field. The entire ecosystem can reduce security risks through public and transparent measures, such as asset management solutions. At the event, leaders from the Hong Kong Investment Promotion Agency, OKLink, and BlockSec shared their related work and latest developments in Web3 security construction. For example, CertiK and OKLink have received responses from multiple exchanges in asset tracking locking and data labeling. Finally, Li Kang hopes to further strengthen Hong Kong's position as a Web3 innovation gateway in the rapidly growing Asia-Pacific region through this sharing, and jointly promote the safe application and landing of Web3 technology.

Daily Must-Read

Popular Activities

Delysium $AGI & AI Private Yacht Party

Delysium $AGI & AI Private Yacht Party

March 27 - March 27
Seoul

Popular Tags

Cointime
News
Contents
RSS
Company