Cointime

CertiK Report: How Developers Are Using KYC To Scam Web3 Communities

CertiK has unveiled an underground ring of KYC actors for hire, used by rogue developers to scam Web3 communities.

Basic KYC verifications are regularly effective at annoying honest retail users, but unfortunately less so at stopping determined criminals from defrauding victims and laundering their stolen funds. Indeed, CertiK’s investigation confirms that criminals have developed several ways to bypass regular verifications, and the existence of professional “KYC actors” illustrates how easy it is to escape accountability. From our conversation with a “KYC actor”, to our deep-dive investigation into their underground world, let’s discover the dark side of the KYC industry, along with best practices for protecting communities and organizations.

A Conversation With a KYC Actor

Among the several tactics used by crypto developers who intend to scam communities and investors, the use of a KYC actor is certainly one of the most fascinating tactics detected and investigated by CertiK. In our context, a KYC actor is an individual specifically hired to KYC on behalf of rogue project owners looking to gain trust in the crypto community prior to an insider hack or an exit scam. In a particular case, after CertiK’s investigators detected and identified a KYC actor, the subject agreed to provide detailed information about the KYC actor process and industry.

According to this actor, it is surprisingly cheap and easy to hire someone to KYC for a fraudulent endeavor. He detailed how he had been posing for fake KYCs for over 3 years, and explained how simple it was for him to pass a regular KYC verification. In addition, he provided proof of transactions for his KYC gigs, as well as links to the specialized marketplaces where he finds his criminal clients. However, the reality of this undercover life is not nearly as glamorous as portrayed by Hollywood. Our interviewee showed us around his humble surroundings, explaining that most KYC actors are based in developing countries and are paid a small amount for each ‘role’, with his earnings amounting to just 20 to 30 USD per deal. This sad situation is unfortunately not surprising as we know that the modern scamming industry has no shame in organizing human trafficking and slavery for their benefit.

KYC Actor Dark Markets

Based on this insider information, our intelligence analysts were able to launch a deep-dive investigation into the dark KYC marketplaces to better assess the situation and see what we could learn from it. We thoroughly scanned the activity of over 20 over-the-counter (OTC) underground markets, most of them hosted on Telegram, Discord, as well as some low-requirement phone-based apps, along with job ads placed on gig websites. Sellers and buyers meet on these OTC marketplaces based on their specific transaction requirements, negotiate their price, and usually use an escrow service for the payment. Rogue developers who prepare crypto scams also use these services to recruit KYC actors, but they represent a marginal share of activity compared to the number of transactions for already-KYCed bank or exchange accounts, as well as direct crypto/fiat currency deals.

The cost of a KYC actor can be as low as 8 USD if the gig requirements are low - for example, bypassing a basic KYC process to open a bank or exchange account from a developing country. The price increases if the KYC actor has to face a more complex verification process, and jumps significantly if the buyer needs an actor who is a national resident of a country that is considered low-risk for money laundering, thus having a lower probability of being flagged or rejected, as well as access to a lot more services. In certain instances, we found some KYC actor roles, such as acting as the CEO of a crypto project, paid up to 500 USD a week. Our explorations show that the global prevalence of these OTC marketplaces is significant, with an above-average concentration in South-East Asia and group sizes ranging from 4,000 to 300,000 members. We counted a staggering total of more than 500,000 members who were either buyers or sellers of these underground currency exchanges and fake KYC services.

The Threat of Fake KYC Badges

As observed during our interview and the subsequent investigation into the underground industry, KYC actors are not employed to protect privacy or financial freedom, but very clearly to steal funds from investors. The Web3 industry has understood that the team behind a project can be a major source of operational, reputational and legal risk, and in response, more than 40 websites have popped up offering crypto “KYC badges”, supposedly vetting project teams, with the latest numbers showing these websites have already issued over 2000 badges.

The sad reality is that the majority of these improvised verification services are worthless, because they are either too superficial to detect fraud or simply too amateur to detect insider threats, with the KYC teams missing the necessary background investigation methodology, training and experience. This can lead to very serious consequences, as fraudulent teams can easily bypass their verification process, leverage these unreliable KYC badges to mislead and scam additional investors, and escape accountability for their crimes.

How to Truly Verify a Project Team

Partnering with or investing in a Web3 start-up requires the highest level of due diligence, and the amounts of funds at stake in crypto projects are too high to rely on a simple ID-check and namecheck which can be easily faked today by determined criminals. The only way to truly verify the team behind a project is to conduct a proper, thorough background investigation on each key member and ensure this investigation is carried out by a team of professional, experienced criminal investigators and intelligence analysts.

CertiK has built such a team and process, and their investigative unit has been able to successfully detect human insider threats within project teams several weeks before they conducted insider hacks or exit scams. CertiK’s proprietary set of discrepancy and fraud signals allows for metric-based, early threat detection, even with remote employees in developing countries. The scientific methodology used is especially effective in detecting KYC actors, as well as criminal operators hiding behind secondary team members, in addition to developers attempting to conceal their involvement in previous scams and hacks.
