Incident 819: ProKYC Tool Allegedly Facilitates Deepfake-Based Account Fraud on Cryptocurrency Exchanges

Description: Cato CTRL security researchers reported that the cybercriminal group ProKYC is selling a deepfake tool capable of bypassing biometric and two-factor authentication (2FA) systems on cryptocurrency exchanges. The tool creates synthetic identities using AI-generated videos and forged documents, enabling fraudulent account creation. A demo video from ProKYC shows the tool in action against ByBit, allowing attackers to verify fake accounts for purposes such as money laundering and identity theft.

Editor Notes: Reconstructing the timeline of events: (1) Sometime before 2024: ProKYC develops a deepfake tool designed to defeat biometric and 2FA systems. (2) Sometime in Q4 of 2024: Cato CTRL security researchers discover ProKYC’s deepfake tool being sold in the cybercriminal underground. (3) October 9, 2024: Cato Networks publishes its report.

Tools

New Report New Response DiscoverView History

Entities

View all entities

Alleged: ProKYC developed and deployed an AI system, which harmed ByBit , Cryptocurrency exchanges and Cryptocurrency investors.

Incident Stats

Incident ID

819

Report Count

Incident Date

2024-10-09

Editors

Daniel Atherton

Incident Reports

Reports Timeline

Cato CTRL Threat Research: ProKYC Selling Deepfake Tool for Account Fraud Attacks

catonetworks.com

catonetworks.com · 2024

Cato CTRL security researchers have recently discovered a threat actor, ProKYC, selling a deepfake tool in the cybercriminal underground that helps threat actors beat two-factor authentication (2FA) for conducting account fraud attacks.

T…

Variants

A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.