CertiK, a security firm focused on blockchain and decentralized finance (DeFi), revealed in an audit report that hackers allegedly found a way to bypass the KYC verification process by spoofing other users’ accounts. Cost of the operation: $8!
How do hackers get around the KYC process?
KYC, or Know Your Customer, is a compulsory process for verifying a customer's identity, their suitability and the risks of maintaining a business relationship with them, in order to fight money laundering and terrorism financing.
This law, applied by the FATF, obliges banks and financial companies to respect and enforce this verification process. If KYC is not properly checked, serious damage can be done to the company.
Without this process, banks could open a bank account for an individual who is laundering money or using a false identity.
While the process is secure, there are still many opportunities for fraud. In any case, hackers are aware of the flaws and are exploiting them!
According to CertiK’s report, the spoofing of users’ accounts is the Trojan horse that hackers use to scam the crypto community.
In effect, hackers go through “KYC actors”: individuals hired to pass the KYC check for them. These actors then pretend to be members of a project team, and the hackers then take the sum with a small rug pull, without revealing their identity!
Fake KYC discovered by CertiK
CertiK found this little loophole through an interview with one of the people concerned. According to these revelations, the recruitment of intermediaries is mainly done on Telegram, Discord and job boards.
The worst part? Some of them work for very little money! For only 8 dollars, scammers open an account at a bank or on an exchange using the identity of another individual.
The remuneration of an actor can vary according to the requirements. In cases where the intermediary must undergo more complex verification processes or act as an official representative of a project to gain the trust of users, the salary can reach $500 per week.
A sum that remains derisory considering the legal risks the actor runs! Imagine being the only person prosecuted for a crime you didn’t even commit!
Faced with these revelations, CertiK did not remain indifferent. The company stressed the need for thorough investigations to verify key members of a crypto project. While the value of such verification is clear, it is still necessary to avoid going to excess…
As a journalist at Coinpri, I’ve been captivated by the world of bitcoin and blockchain since 2020. The decentralized aspect of Bitcoin particularly piqued my interest. Since then, I’ve been working constantly to spread my knowledge, hoping one day to see a world where everyone fully enjoys their financial freedom.