Cointime

Cointime

Download App
iOS & Android

Certik Report: How Developers Are Using KYC To Scam Web3 Communities

Validated Project

CertiK has unveiled an underground ring of KYC actors for hire, used by rogue developers to scam Web3 communities.

Basic KYC verifications are regularly effective at annoying honest retail users, but unfortunately less so at stopping determined criminals from defrauding victims and laundering their stolen funds. Indeed, CertiK’s investigation confirms that criminals have developed several ways to bypass regular verifications, and the existence of professional “KYC actors” illustrates how easy it is to escape accountability. From our conversation with a “KYC actor”, to our deep-dive investigation into their underground world, let’s discover the dark side of the KYC industry, along with best practices for protecting communities and organizations.

A Conversation With a KYC Actor

Among the several tactics used by crypto developers who intend to scam communities and investors, the use of a KYC actor is certainly one of the most fascinating tactics detected and investigated by CertiK. In our context, a KYC actor is an individual specifically hired to KYC on behalf of rogue project owners looking to gain trust in the crypto community prior to an insider hack or an exit scam. In a particular case, after CertiK’s investigators detected and identified a KYC actor, the subject agreed to provide detailed information about the KYC actor process and industry.

According to this actor, it is surprisingly cheap and easy to hire someone to KYC for a fraudulent endeavor. He detailed how he had been posing for fake KYCs for over 3 years, and explained how simple it was for him to pass a regular KYC verification. In addition, he provided proof of transactions for his KYC gigs, as well as links to the specialized marketplaces where he finds his criminal clients. However, the reality of this undercover life is not nearly as glamorous as portrayed by Hollywood. Our interviewee showed us around his humble surroundings, explaining that most KYC actors are based in developing countries and are paid a small amount for each ‘role’, with his earnings amounting to just 20 to 30 USD per deal. This sad situation is unfortunately not surprising as we know that the modern scamming industry has no shame in organizing human trafficking and slavery for their benefit.

KYC Actor Dark Markets

Based on this insider information, our intelligence analysts were able to launch a deep dive investigation into the dark KYC marketplaces to better assess the situation and see what we could learn from it. We thoroughly scanned the activity of over 20 over-the-counter (OTC) underground markets, most of them hosted on Telegram, Discord, as well as some low-requirement phone-based apps, along with job ads placed on gig websites. Sellers and buyers meet on these OTC marketplaces based on their specific transaction requirements, negotiate their price, and usually use an escrow service for the payment. Rogue developers who prepare crypto scams also use these service to recruit KYC actors, but they represent a marginal activity percentage compared to the number of transactions for already-KYCed bank or exchange accounts, as well as direct crypto/fiat currency deals.

The cost of a KYC actor can be as low as 8 USD if the gig requirements are low - for example, bypassing a basic KYC process to open a bank or exchange account from a developing country. The price increases if the KYC actor has to face a more complex verification process, and jumps significantly if the buyer needs an actor who is a national resident of a country that is considered low-risk for money laundering, thus having a lower probability of being flagged or rejected, as well as access to a lot more services. On certain instances, we found some KYC actor roles, such as acting as the CEO of a crypto project, paid up to 500 USD a week. Our explorations show that the global prevalence of these OTC marketplaces is significant, with an above average concentration in South-East Asia and group sizes ranging from 4,000 to 300,000 members. We counted a staggering total of more than 500,000 members who were either buyers or sellers of these underground currency exchanges and fake KYC services.

The Threat of Fake KYC Badges

As observed during our interview and the subsequent investigation into the underground industry, KYC actors are not employed to protect privacy or financial freedom, but very clearly to steal funds from investors. The Web3 industry has understood that the team behind a project can be a major source of operational, reputational and legal risk, and in response, more than 40 websites have popped up offering crypto “KYC badges”, supposedly vetting project teams, with the latest numbers showing these websites have already issued over 2000 badges.

The sad reality is that the majority of these improvised verification services are worthless, because they are either too superficial to detect fraud or simply too amateur to detect insider threats, with the KYC teams missing the necessary background investigation methodology, training and experience. This can lead to very serious consequences, as fraudulent teams can easily bypass their verification process, leverage these unreliable KYC badges to mislead and scam additional investors, and escape accountability for their crimes.

How to Truly Verify a Project Team

Partnering with or investing in a Web3 start-up requires the highest level of due diligence, and the amounts of funds at stake in crypto projects are too high to rely on a simple ID-check and namecheck which can be easily faked today by determined criminals. The only way to truly verify the team behind a project is to conduct a proper, thorough background investigation on each key member and ensure this investigation is carried out by a team of professional, experienced criminal investigators and intelligence analysts.

CertiK has built such a team and process, and their investigative unit has been able to successfully detect human insider threats within project teams several weeks before they conducted insider hacks or exit scams. CertiK’s proprietary set of discrepancy and fraud signals allows for metric based, early threat detection, even with remote employees in developing countries. The scientific methodology used is especially effective in detecting KYC actors, as well as criminal operators hiding behind secondary team-members, in addition to developers attempting to conceal their involvement in previous scams and hacks.

Certik
Comments

All Comments

Recommended for you

  • Ceasefire Announced, Israeli Drones Continue Airstrikes in Southern Lebanon

    On June 19, according to reports from Lebanon, Israeli drones continued to carry out airstrikes in southern Lebanon, targeting towns and mountainous areas in Nabatiyeh and Jezzine. Ibrahim Mousawi, a member of the Lebanese Parliament from Hezbollah, stated in an interview that after both sides agreed to a ceasefire, Hezbollah immediately began to comply with the agreement while reserving the right to respond if Israel violated the ceasefire. He said, 'If Israel respects the ceasefire, we will also respect the ceasefire.' Earlier, on June 19, the Israel Defense Forces reported that air raid sirens were activated in the northern Israeli region of Zarit due to suspected drone incursions. (CCTV)

  • ETH Surpasses $1700

    Market data shows that ETH has surpassed $1700, currently priced at $1700.16, with a 24-hour decline of 2.09%. The market is experiencing significant volatility, so please ensure proper risk management.

  • BTC Surpasses $63,000

    Market data shows that BTC has surpassed $63,000, currently priced at $63,002.87, with a 24-hour decline of 1.52%. The market is experiencing significant volatility, so please ensure proper risk management.

  • Upbit to Launch RE KRW, BTC, and USDT Trading Pairs

    On June 19, according to an official announcement, Upbit will launch RE trading pairs with KRW, BTC, and USDT.

  • IRGC: Ready to Inflict a Crushing Defeat on Enemies

    On June 19, the Islamic Revolutionary Guard Corps (IRGC) issued a statement today, asserting that the remarks made by Iran's Supreme Leader Mujtaba regarding the Iran-U.S. memorandum of understanding "further solidified the united front of the Iranian people, enabling them and the armed forces to more resolutely safeguard the achievements of victory, and providing invaluable resources for Iranian politicians in their pursuit of national rights." The statement indicated that the aggressors have faced defeat on the battlefield — they once threatened to "wipe Iran off the map" and "send Iran back to the Stone Age," but now they are "desperately retreating to the point of begging for understanding and negotiation," bowing their heads before the Iranian people. The statement warned that if the enemies attempt to make unreasonable demands again, infringing upon the rights of the Iranian nation as they have in the past, the IRGC will be fully prepared to respond with even greater strength across land, sea, air, and all hybrid warfare domains — ready to deliver a more devastating historical defeat to the enemies as soon as the Supreme Leader gives the order. (CCTV International News)

  • CFTC and SEC Seek Public Input to Clarify 'Swaps' Regulatory Definition

    On June 19, in the context of related litigation at the Chicago Mercantile Exchange (CME), the U.S. Commodity Futures Trading Commission (CFTC) and the U.S. Securities and Exchange Commission (SEC) jointly issued a public request for comments, planning to update and clarify the definitions and regulatory interpretations of certain derivative products. This inquiry covers a wide range of topics, including the definition of 'swaps', the definition of 'security-based swaps', and the delineation of the exemptions applicable to these definitions. The two agencies are also seeking public input on the regulatory treatment of new or emerging financial products, which may include event contracts on prediction market platforms and perpetual futures/perpetual contracts. CFTC Chairman Michael S. Selig stated in a press release: 'Today's joint public request for comments provides an opportunity to address the long-standing regulatory ambiguities in Title VII of the Dodd-Frank Act. These ambiguities have been hindering fair competition and responsible innovation.' According to Title VII of the Dodd-Frank Act, the CFTC has regulatory authority over swap products, except for security-based swaps. SEC Chairman Paul Atkins also noted in a statement that clarifying certain definitions has become urgent, particularly regarding the regulatory classification of event-driven products.

  • Morgan Stanley Submits Revised ETF Applications for Ethereum and SOL, Disclosing Lowest Market Fees

    On June 19, Morgan Stanley submitted revised filings for spot Ethereum and Solana ETFs, marking new progress in the review process following the approval of Bitcoin ETFs. The Wall Street investment bank filed updated S-1 registration statements for the two ETFs with the U.S. SEC on Thursday. This is the second update to the applications for the Ethereum and Solana ETFs originally submitted in January. The latest S-1 documents reveal that both ETFs will have an issuance fee rate set at 0.14%, making them the lowest fee products in the U.S. market for Ethereum and Solana ETFs. According to SoSoValue data, the current fee rate for Grayscale's mini Ethereum trust is 0.15%, the lowest in the Ethereum sector, while Franklin Templeton's Solana ETF SOEZ has a fee rate of 0.19%, the lowest in the Solana segment. The revised filings also disclose that Figment, Galaxy blockchain infrastructure company, and Canada’s Coinbase will serve as the staking service providers for the products. Morgan Stanley's upcoming ETH and SOL ETFs plan to stake a portion of their holdings to earn additional staking rewards. The documents specify that 5% of the staking earnings will be allocated as service fees for the staking service providers and custodians.

  • Fidelity Launches Money Market Fund for Stablecoin Issuers Aligned with the GENIUS Act

    On June 19, Fidelity Investments launched a new government money market fund designed as a reserve storage tool for stablecoin issuing institutions. The fund, named Fidelity Digital Reserve Fund (Ticker: FYMXX), aims to achieve current income while ensuring principal safety and maintaining high liquidity, as stated in its prospectus. The fund shares are exclusively available to institutional investors, including various stablecoin issuers, and the product was officially established on June 15. The prospectus specifies: 'The fund shares are expected to be primarily held by one or more stablecoin issuers as part or all of their reserve assets for issuing stablecoins to users.' This new fund will only invest in compliant reserve assets permitted for stablecoin issuers under the GENIUS Act, including U.S. Treasury bills, medium-term notes, long-term government bonds, cash, overnight repurchase agreements, and other government money market funds that meet stablecoin regulatory requirements. The minimum initial subscription amount for the fund is set at $1 million, although the fund company can independently decide to waive or reduce this threshold. The product aims to maintain a stable net asset value of $1 per share, with an annual management fee rate of 0.25%.

  • BTC Falls Below $63,000

    Market data shows that BTC has fallen below $63,000, currently priced at $62,967.9, with a 24-hour decline of 3.7%. The market is experiencing significant volatility, so please ensure proper risk management.

  • ETH Falls Below $1700

    Market data shows that ETH has fallen below $1700, currently priced at $1699.82, with a 24-hour decline of 3.79%. The market is experiencing significant volatility, so please ensure proper risk management.

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company