New research by the cybersecurity reporters at 404 Media has uncovered a new tool named OnlyFakes that reliably generates fake IDs capable of bypassing KYC providers’ checks with relative ease.
The fake documents can be generated with or without a background, which would suggest it is a picture that was just taken by a user going through an ID verification process. Allegedly, several hundred fake documents can be produced at once using Excel batches.
OnlyFakes Claims to Be Against Illegal Activity
According to the website, its services may only be used as props in films and so on, “expressly forbidding” the use of the platform in order to pass KYC checks. Not long after the article exposing the website was published, the site’s founder – who goes by the nom-de-guerre John Wick – “reminded” his community of this stipulation.
However, feedback posted on associated telegram groups suggests that the owner of the platform is well aware of what it is being used for.
John Wick also stated on Telegram that he is open to buying scans of real IDs from users for $100 each in order to improve the platform, prioritizing US and EU IDs.
The use of third parties submitting their own documents for KYC purposes has unfortunately been ongoing for years, hiring people in developing countries for as little as $10 to aid scammers in gaining access to crypto platforms.
Remarkably Robust
The new tool, however, can reliably provide access to a swath of fake documents from low-risk countries. Users can upload their own pictures or choose from a gallery provided by the site. Stock backgrounds are also provided. OnlyFakes also removes the EXIF data – which includes the time, location, and device used to create the image – of the original photos and replaces them to help avoid detection.
According to users of the service, platforms like Airbnb, Revolut, Wise, and Payoneer have all been convinced of the document’s authenticity. Crypto exchanges Huobi, Coinbase, Binance, Kraken, and OKX have also been allegedly breached using these fake documents.
Here’s the process of me successfully bypassing the identity verification on OKX, a cryptocurrency exchange I’ve noticed is being used by criminals
– Asks for passport
– I took photo of my fake British passport I made earlier (didn’t need in hand)https://t.co/hCjHWbKJPf pic.twitter.com/69PvbincUP— Joseph Cox (@josephfcox) February 5, 2024
OKX, which was recently targeted by a pig butchering scam that may have seen nearly $40 million stolen from users, employs Jumio for KYC purposes.
When contacted by Mr Cox, Jumio CTO Stuart Wells stated that his platform uses a range of tools to provide great KYC.
“Our advanced ID verification process uses mobile or webcam document scanning tools that allow security teams to cross-check against trusted sources and mitigate the number of fake profiles and malicious activity. Ultimately, these added identity verification measures better protect users by deterring fraud attempts right from the user onboarding stage.”
When asked about the recent breach, Wells stated that he could not comment on OKX’s procedures.
AI Claim May Be False
According to the OnlyFakes platform, AI is used to produce the images. However, this claim is disputed by cybersecurity experts since AI currently has the tendency to mess up text that should be absolutely crisp and unambiguous on documents.
The images produced are also remarkably clear of any sign of “hallucinations,” artifacts that appear when an AI is unsure of how to render an unknown object.
Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).
Credit: Source link