An investigation by Certik, a security platform focused on blockchain and decentralized finance (DeFi), has uncovered professional “KYC actors” bypassing the KYC process and scamming the crypto community. according to In a Certik blog post of November 17th.
A KYC actor is defined as an individual hired by rogue developers to impersonate the KYC process of a crypto project or exchange, lurking in the crypto community to gain trust before insider hacks and exit scams.
Certik carried out hacks and exit scams through interviews with KYC actors and surveys of activity taking place in over 20 over-the-counter (OTC) underground markets focused primarily on Telegram, Discord and non-essential phone calls. revealed the tactics used to based applications, and job advertisements.
Interviews with anonymous KYC actors revealed that such actors are cheap to hire. Some even work for as little as $8 to bypass the KYC process and open bank or exchange accounts or exchange accounts on behalf of bad actors. On the other hand, in extreme cases, if the KYC actor has to go through a more complex verification process or act as CEO of a cryptocurrency project, the reward can be as high as $500 per week.
Certik is the majority behind the operation of a global underground network of fake crypto exchanges and fake KYC services, of which 500,000 members are buyers and sellers, among 4,000 to 300,000 KYC actors based in Southeast Asia. was found to represent
The security firm also found that KYC badges, which supposedly indicate the trustworthiness of a crypto project’s KYC verification process, are misleading crypto investors.
Certik concluded by suggesting that the solution to combating KYC actors and fake KYC services lies in the highest level of due diligence and thorough background checks of each key member of any crypto project.
KYC obligation
KYC is enforced by the Financial Action Task Force (FATF) to combat Ponzi schemes and financial crimes, alongside anti-money laundering (AML) policies. The FATF began standard-setting cryptocurrency AML in 2014, requiring virtual asset service providers (VASPs), including crypto exchanges, stablecoin issuers, DeFi protocols, and NFT marketplaces offering KYC programs. mandated the application of procedures.
The KYC process has three components. The first is the customer identification program, which ensures that VASPs require identity verification to authenticate the customer’s identity. The second, Customer Due Diligence (CDD), allows VASPs to assess the risks that customers may pose to crypto projects. This process may include performing background checks and reviewing transactions.
Finally, continuous monitoring of customer accounts to identify suspicious customer activity and continuous review of transactions are also requirements that KYC must adhere to when providing crypto services.
