A vast underground ring of know-your-customer (KYC) actors for hire is being increasingly used by rogue developers with the aim to scam Web3 communities, according to a recent analysis by security-focused ranking platform CertiK.
“Basic KYC verifications are regularly effective at annoying honest retail users, but unfortunately less so at stopping determined criminals from defrauding victims and laundering their stolen funds. Indeed, CertiK’s investigation confirms that criminals have developed several ways to bypass regular verifications, and the existence of professional 'KYC actors' illustrates how easy it is to escape accountability,” according to the company.
CertiK admits that among the numerous tactics employed by crypto developers who seek to scam communities and investors, using a KYC actor is one of the most fascinating tactics that have been detected and investigated by the firm to date.
“In our context, a KYC actor is an individual specifically hired to KYC on behalf of rogue project owners looking to gain trust in the crypto community prior to an insider hack or an exit scam,” CertiK says, providing insights on the process based on an interview its experts held with one of the identified KYC actors.
“According to this actor, it is surprisingly cheap and easy to hire someone to KYC for a fraudulent endeavor. He detailed how he had been posing for fake KYCs for over 3 years and explained how simple it was for him to pass a regular KYC verification,” the firm revealed.
This said, the reality of the KYC actor’s undercover life is not as glamorous as some would expect, as most KYC actors operate in developing countries and are paid a minor amount for each ‘role’ they are given by criminals. The interviewed actor’s earnings amount to a mere $20 to $30 per deal, according to data collected by CertiK.
CertiK said its experts thoroughly scanned the activity of more than 20 over-the-counter (OTC) underground markets, the majority of which is hosted on Telegram, Discord, and also some low-requirement phone-based apps, combined with job ads published on gig websites.
“The cost of a KYC actor can be as low as 8 USD if the gig requirements are low - for example, bypassing a basic KYC process to open a bank or exchange account from a developing country. The price increases if the KYC actor has to face a more complex verification process and jumps significantly if the buyer needs an actor who is a national resident of a country that is considered low-risk for money laundering,” according to the analysis.
CertiK recognized that, in some cases, KYC actors who serve as high-level individuals, for instance, pretending to be the CEO of a crypto project, are paid up to $500 weekly.
The global prevalence of such OTC marketplaces is substantial, and the region of South-East Asia represents an above-average concentration with group sizes ranging between 4,000 and 300,000 members.
“We counted a staggering total of more than 500,000 members who were either buyers or sellers of these underground currency exchanges and fake KYC services,” according to the platform.
CertiK advises that cooperating with or investing in a Web3 startup necessitates the highest level of due diligence, and the only way to efficiently verify the team behind a crypto venture is to carry out a proper, in-depth background investigation on each of its key members.
It is vital to “ensure this investigation is carried out by a team of professional, experienced criminal investigators and intelligence analysts,” according to the firm.