The blockchain security firm has uncovered a new tactic used by crypto scammers as the industry continues to improve its fraud detection capabilities.
Crypto scammers have been accessing a “cheap and easy” black market of individuals willing to put their name and face on fraudulent projects — all for the low price of $8, blockchain security firm CertiK has uncovered.
These individuals, described by CertiK as “Professional KYC actors” would, in some cases, voluntarily become the verified face of a crypto project, gaining trust in the crypto community prior to an “insider hack or exit scam.”
Other uses of these KYC actors include using their identities to open up bank or exchange accounts on behalf of the bad actors.
According to a Nov. 17 blog post, CertiK analysts were able to find over 20 underground marketplaces hosted on Telegram, Discord, mobile apps, and gig websites to recruit KYC actors for as low as $8 for simple “gigs” like passing the KYC requirements “to open a bank or exchange account from a developing country.”
Pricier jobs involve the KYC actor putting their face and name on a fraudulent project. CertiK noted that most actors are seemingly exploited as they are based in developing countries “with an above-average concentration in South-East Asia” and paid around $20 or $30 per role.
Meanwhile, more complex requirements or verification processes could fetch an even higher asking price, particularly if the KYC actors are residents of countries considered a low money laundering risk.
Some roles paid up to $500 a week if an actor was to play the role of CEO for a malicious project but the KYC actor market was “marginal” compared to the market for already KYCed bank and crypto exchange accounts according to CertiK.
Crypto to fiat — or vice-versa — conversions were also cited as a significant percentage of the transactions seen on these marketplaces with CertiK calculating that more than 500,000 members in marketplace sizes ranging from 4,000 to 300,000 were buyers and sellers on these black markets.
Related: Scary stats: $3B stolen in 2022 as of ‘Hacktober,’ doubling 2021
CertiK warned that over 40 websites claiming to vet crypto projects and offer “KYC badges” are “worthless” as the services are “too superficial to detect fraud or simply too amateur to detect insider threats.”
They added the teams behind these websites are “missing the needed “investigation methodology, training, and experience” meaning these badges are then leveraged by scammers to mislead the community and investors.
That being said, the industry has been working hard and is gaining ground in its fight against crypto scammers. A tool released in October by traditional finance giant Mastercard combines artificial intelligence and blockchain data to help find and prevent fraud.
Contrary to popular belief, the open nature of blockchain transactions means it’s harder for fraudsters to hide the movement of funds. Another recent example has been the work of French authorities using on-chain analysis to find and charge five people who stole nonfungible tokens (NFT) through a phishing scam.