A threat actor known as “Jinkusu” is reportedly selling tools designed to bypass Know Your Customer (KYC) checks used by banks and cryptocurrency platforms. The kit combines deepfake face swaps and voice manipulation to deceive KYC verification systems, according to cybercrime tracker Dark Web Informer.
Security firm Vecert Analyzer reported that Jinkusu employs AI for real-time face replacement using InsightFace to transfer gestures smoothly, alongside voice modulation to try to defeat biometric checks.
Deddy Lavid, CEO of blockchain security platform Cyvers, called the appearance of such deepfake tools a “wake-up call,” saying the development highlights weaknesses in KYC systems. “As AI lowers the barriers to synthetic identity fraud, the front door will always remain vulnerable,” Lavid told Cointelegraph, urging platforms to adopt layered defenses that pair identity verification with real-time AI monitoring.
Binance chief security officer Jimmy Su previously warned that advancing AI could defeat KYC systems using as little as a single photo of a target. The new fraud package also lowers the technical barrier for scammers to run romance-style “pig butchering” scams. In 2024, crypto investors lost roughly $5.5 billion to about 200,000 flagged pig-butchering cases.
Jinkusu is suspected to be the same actor behind Starkiller, a phishing kit released in February 2026. Unlike traditional HTML phishing pages, Starkiller spawns a headless Chrome browser inside a Docker container to load genuine login pages and act as a real-time reverse proxy, relaying all user inputs (including credentials) to attackers, Abnormal detailed in a Feb. 19 report.
While reported losses to crypto phishing fell about 83% in 2025, Scam Sniffer noted in a January report that malicious wallet-drainer scripts remained active and new malware variants continued to appear.
Cointelegraph says it follows independent, transparent journalism standards and encourages readers to verify information independently; see Cointelegraph’s Editorial Policy for details.