CertiK intelligence analysts have noticed an evolution in the use of KYC actors by malicious operators. According to our observations, some fraudsters have become more organized and are going to great lengths to recruit professional actors or marketers to circumvent due diligence verifications. This type of KYC fraud is being used to deceive the crypto community and also to slip past security processes at traditional banks. In response, CertiK’s investigation team has conducted a thorough analysis and is providing guidance on how to detect and avoid this fraudulent scheme.
Last year, CertiK’s cybersecurity investigators uncovered an underground KYC actor industry, which fraudsters have used to obtain fake KYCs, bypass security measures and conduct a wide array of scams while escaping accountability for their crimes. To combat this growing threat, CertiK created the KYC Badge - an enhanced due diligence process designed to detect KYC actors and other types of fraud. The goal of this service is to provide verified development teams with a label of authenticity, and to help crypto communities avoid falling victim to scams.
We have further analyzed the fraud attempts and identified three different categories of KYC actors:
Low-level KYC actors are individuals who “sell” their identity to a fraudster, and have no other involvement in the fraudster’s project. They represent a quarter of KYC actor fraud;
Medium-level KYC actors are secondary team members who are asked to falsely claim that they are in charge of the project. They represent more than half of KYC actor fraud;
High-level KYC actors are professionals with experience in acting or in marketing. They account for less than a fifth of KYC actor fraud.
Low-level KYC actors are inexpensive-to-hire hustlers. They are typically untrained and unprepared for in-depth due diligence, but they have solid experience of basic KYC fraud because they perform many KYC gigs.
Medium-level and high-level KYC actors are better prepared and able to manipulate more advanced verification and due diligence procedures, but one of their weaknesses is that they stay with a single project for a longer time, so they have less accumulated experience in KYC fraud.
An investigation into fraud recently uncovered that a crypto project team purportedly hired actors to circumvent CertiK's due diligence process and fraudulently obtain a KYC badge in an attempt to deceive their community and investors. Upon conducting a thorough analysis of discrepancies, CertiK's investigators concluded that the presented team was likely a front for the project, and that the actual founder, who was actively concealing his involvement, was in control.
Background investigations on two individuals who claimed to be running the crypto venture revealed that they had concealed their past as actors. Records of their previous activities in artistic performances and makeup transformations were found. One of them, a Russian citizen based in Moscow, stated that he had been hired a year earlier by an American citizen who was supposedly the real founder and in control of the venture. CertiK’s intelligence analysts conducted further research and found several felony criminal records that matched the description. The Russian citizen also mentioned that their employer invested two million dollars of his own funds into the project, but he did not know the source of the money.
Given the evidence that the real project owner was trying to deceive CertiK’s verification process, and the suspicion that their motive was to dupe the crypto community into believing they were a legitimate and vetted organization, there was a high risk that they could later steal the liquidity of their own project and evade accountability. As a result, CertiK declined to grant them a KYC Badge. Subsequently, the investigation team received several messages from an anonymous “project contributor” aggressively demanding that they accept the two “official” representatives, cease looking into the suspected founder/owner, and approve the KYC badge for their project.
CertiK's intelligence analysts have uncovered that the use of KYC actors to deceive and scam Web3 communities is only a small part of a much larger problem. An in-depth analysis of black markets for fake KYCs has revealed that the ultimate goal of these actors is to target traditional banks, rather than crypto or DeFi. Criminals are using these fake KYCs to open bank accounts and transfer or store illicit funds without raising suspicion or being reported to authorities.
Prior to the advent of online banking, criminals had to rely on offshore banking in remote, unregulated islands to conceal their illicit activities from authorities. However, modern criminal operators have developed much more sophisticated banking schemes, structuring large numbers of bank accounts opened with fake KYCs. These online bank accounts appear to be completely legitimate, but are in fact based on KYC fraud, enabling illicit activities without detection or traceability.
Acquiring fake bank accounts through fraudulent KYCs is remarkably easy and inexpensive, with fake KYCs being sold on the black market for as little as $8. The risk/reward ratio for criminals is highly favorable, as they can open multiple bank accounts to minimize the amount of funds stored in each account and reduce the risk of detection. Transferring or storing illicit funds in legitimate banks is far more convenient and accessible than offshore banks.
The stark contrast between the rigorous compliance requirements and the rampant fraud in the KYC industry indicates that the sector has grown at such a rapid pace that it has become a mere “check the box” procedure, disconnected from its primary goal of reducing criminal activity. Despite the estimated financial crime prevention cost of $274 billion annually, the underground fake KYC industry demonstrates that the security measures in place can be easily bypassed by determined criminals.
In the context of Web3, criminals employ KYC actors to deceive crypto communities into believing they are verified and trustworthy, when in reality they remain completely unverified and unaccountable. This creates a challenging situation for Web3 communities, as well-intentioned, legitimate developers may fear government fines or detainment. Meanwhile, criminals exploit this fear to remain anonymous and continue to scam communities and investors. CertiK’s investigators have identified over 2000 instances of fake or unreliable KYC badges used by project teams to deceive their targets into trusting them. These KYC badges were labeled as unreliable because they can be easily bypassed by KYC actors.
In a broader context, KYC actors and other KYC frauds present a severe operational and legal risk for organizations. Failing to address this issue may bring much-needed growth capital to businesses, cities, and countries in the short term. However, in the long run, rampant fraud has been shown to have negative effects on countries and economies. It can increase corruption and organized crime, decrease goodwill, productivity, and competitiveness of businesses, thereby undermining trust in law and institutions and threatening societal stability. Therefore, it is essential to implement robust security measures to prevent KYC fraud.
The CertiK research team has developed a new standard KYC verification, which has become the industry benchmark for high-level due diligence. As a result, organizations and institutions have shown a keen interest in these advanced fraud detection processes to enhance their risk management and compliance programs, utilizing CertiK’s risk advisory service.
Although ID checks and name checks are essential steps in a KYC process, they are not sufficient to detect high-level fraud schemes. The use of KYC actors by criminals can render the due diligence process ineffective, because risk officers end up verifying the identity and background of the wrong person. Identity checks have become a compromise for large-scale KYC operations, since real customer knowledge and verification is more expensive. Unfortunately, some organizations cannot afford to truly know their customers, while others prefer not to know them too well. Consequently, relying solely on identity verification presents a significant risk for organizations, as they may fall prey to fraud schemes that could easily be avoided with proper and comprehensive due diligence. Experienced investigators have found that criminal operators often hide behind intermediaries, which makes a thorough background investigation essential to detect their involvement.
The concept of “background investigation” has been used for decades by government agencies to issue high-level security clearances to individuals who undergo a rigorous diligence process. This investigative methodology can be applied by organizations to detect fraudsters and evaluate risk. An effective fraud detection and investigation methodology should include true verification, open-source intelligence, security interviews, and metrics-based discrepancy analysis. Experienced criminal investigators should be hired to conduct the verifications and evaluations, and organizational experience should be capitalized upon. Organizations can improve their detection rate by collecting and analyzing fraud data, as well as creating a dataset of tailored fraud signals.
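The “metrics-based discrepancy analysis” and “dataset of tailored fraud signals” described above can be made concrete with a small scoring routine. The following is an added illustration written for this page, not CertiK’s own tooling or KYC Badge logic: the signal names, weights, thresholds and sample applicants are all constructed assumptions, chosen to mirror the patterns the article describes (concealed performance backgrounds, secondary team members claiming to be in charge, identities reused across many KYC gigs, undisclosed principals and unknown sources of funds, and pressure from anonymous third parties). Each applicant record combines the declared profile with what the investigator collected through open-source research, the security interview and prior submissions; the discrepancies between the two are what drive the score.

```python
"""Metrics-based discrepancy analysis over KYC applicant records.

Added example, not CertiK's code. Signal identifiers, weights and
thresholds are constructed for illustration; a real programme would
derive them from its own collected fraud data.
"""
from dataclasses import dataclass, field


@dataclass
class Applicant:
    name: str
    declared_role: str                      # what the applicant claims to be
    declared_prior_activity: str            # what they disclosed about their past
    osint_findings: list = field(default_factory=list)   # tags from open-source research
    interview_notes: list = field(default_factory=list)  # tags from the security interview
    prior_kyc_submissions: int = 0          # times this identity appeared in other KYC files
    project_pressure_events: int = 0        # anonymous demands to approve / stop digging


# Constructed signal table: (signal id, weight, predicate over an Applicant).
# Each predicate encodes a discrepancy between what was declared and what was found.
SIGNALS = [
    ("performance_background", 3,
     lambda a: "acting" in a.osint_findings or "makeup_transformation" in a.osint_findings),
    ("concealed_history", 3,
     lambda a: a.declared_prior_activity == "none" and bool(a.osint_findings)),
    ("role_discrepancy", 2,
     lambda a: a.declared_role in ("founder", "ceo") and "no_decision_authority" in a.interview_notes),
    ("identity_reuse", 2,
     lambda a: a.prior_kyc_submissions >= 3),
    ("hidden_principal", 3,
     lambda a: "undisclosed_employer" in a.interview_notes),
    ("unknown_source_of_funds", 2,
     lambda a: "funds_origin_unknown" in a.interview_notes),
    ("third_party_pressure", 1,
     lambda a: a.project_pressure_events > 0),
]

DECLINE_THRESHOLD = 6   # constructed: enough weight to refuse the badge outright
ESCALATE_THRESHOLD = 2  # constructed: hand to a senior investigator


def score(applicant):
    """Return (total weight, list of triggered signal ids) for one applicant."""
    triggered = [sid for sid, _, pred in SIGNALS if pred(applicant)]
    total = sum(w for sid, w, _ in SIGNALS if sid in triggered)
    return total, triggered


def likely_profile(triggered):
    """Map triggered signals onto the article's three actor categories."""
    if "performance_background" in triggered:
        return "high-level actor"
    if "role_discrepancy" in triggered:
        return "medium-level actor"
    if "identity_reuse" in triggered:
        return "low-level actor"
    return "no actor pattern"


def decide(total):
    if total >= DECLINE_THRESHOLD:
        return "decline"
    if total >= ESCALATE_THRESHOLD:
        return "escalate"
    return "proceed"


def review(applicant):
    total, triggered = score(applicant)
    return {
        "name": applicant.name,
        "score": total,
        "signals": triggered,
        "profile": likely_profile(triggered),
        "decision": decide(total),
    }


# Constructed sample applicants (no real persons or projects).
FRONT = Applicant(
    name="front-1", declared_role="founder", declared_prior_activity="none",
    osint_findings=["acting", "makeup_transformation"],
    interview_notes=["undisclosed_employer", "funds_origin_unknown"],
    project_pressure_events=3,
)
LOW_LEVEL = Applicant(
    name="gig-1", declared_role="advisor", declared_prior_activity="marketing",
    prior_kyc_submissions=5,
)
CLEAN = Applicant(
    name="dev-1", declared_role="cto", declared_prior_activity="software engineer",
    osint_findings=["public_code_repository"],
)


if __name__ == "__main__":
    for applicant in (FRONT, LOW_LEVEL, CLEAN):
        print(review(applicant))
```

The point of separating `score`, `likely_profile` and `decide` is that the weights and thresholds are the part an organization should tune from its own fraud dataset, while the signal predicates are the part that grows as investigators record new discrepancy patterns; keeping them in one table makes it straightforward to measure which signals actually contributed to past correct declines.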
The research conducted on the KYC actor scheme not only addressed specific security risks identified in Web3 ventures, but also highlighted an opportunity to improve due diligence standards on a broader scale. The observed fraud indicates that the KYC industry is failing to meet its primary objective of preventing criminal operators from engaging in criminal activities.
Moving from a “check the box” business model to a security solution that effectively reduces criminality requires innovation. Preventing global crimes, such as widespread corruption, will require leveraging the technological advantages of blockchain and implementing more hands-on and effective due diligence approaches. CertiK's proposition to detect KYC actors with a KYC Badge is a step in the right direction, towards a due diligence that goes beyond compliance and effectively prevents criminality.