Mass farming of crypto exchange accounts via drops (without deepfake)

Good Carder

From carders to carders. Deepfake technologies for bypassing KYC are expensive and complex. For mass account farming on crypto exchanges, you don't need to synthesize faces or fake videos. A live person with real documents who will pass verification for $50-100 is enough. You get a clean, live account with Level 2 verification, withdraw funds from it, and the drop gets their commission. This is an ideal scheme for scaling without deepfake.

But there are pitfalls here too. Exchange AML scoring links accounts by IP and fingerprint, and the drop can cheat at any time – change the password and take the money. In this article, I will discuss how to find drops, how to build a "family farm" scheme, how to bypass AML account linking, and how to protect yourself from being scammed by drops.


Part 1. Drop as a KYC outsourcer: from hiring to verification

1.1. The Drop Verification Market in 2026

The market for fake and outsourced verification on crypto exchanges is thriving. According to investigations, over half a million people participate in underground KYC markets, and the number of verified accounts offered for sale exceeds 1 million. In 2026, a full verification package (passport, selfie, address verification) costs around 20 USDT on darknet platforms. But that's if you buy a ready-made account. If you want to control the process and guarantee that you won't be ripped off, you hire a real person directly.

1.2. Where to look for drops in 2026

The "KYC outsourcing" scheme is already well-established. A Foresight News investigation describes a typical process: drops ("laowai") are hired through intermediaries in low-income countries (Nigeria, India, the Philippines, and African countries). Drops receive between $17 and $23 for completing verification. The carder pays the intermediary $30-50, of which $20-25 goes to the droplet, and the rest is the intermediary's commission. Intermediaries often find drops through Telegram channels, local earning forums, and crypto communities.

Where to look directly:
  • Telegram channels with keywords "KYC verification", "crypto account", "earn money".
  • Upwork, Fiverr - under the guise of "help with account verification" (disguised as freelancing).
  • Closed carding forums (Exploit, XSS) - sections "Hiring", "Mules".
  • Social networks (Facebook, Instagram) in low-income countries.

Direct drop hire prices (2026):
  • Basic verification (ID + selfie) — $30–50.
  • Full package (ID, selfie, address confirmation) - $70–100.
  • US or EU Resident Status (proof of address required) - $100-$150.
  • Long-term account rental (under your control) — $150–300 for verification plus a percentage of turnover.

Market context: The price of ready-made verified accounts on the darknet ranges from $50 to $300, depending on the verification level, country of registration, and activity history. A basic account (login and password) costs around $50, while a full set of documents, 2FA, email, and cookies costs up to $300. The price also depends on the account's age (the older the account, the more expensive) and activity history.

1.3. Verification Process: Step-by-Step Instructions

The standard KYC process on Binance, Bybit, and OKX consists of three stages, with the first — Intermediate KYC — being the most interesting for mass-market carders. It allows withdrawal limits of up to 50–100 BTC per day:
  1. Email + phone (Basic KYC) - minimum limits.
  2. ID document + selfie (Intermediate KYC) - withdrawal limits up to 50-100 BTC/day.
  3. Address verification + source of funds (Advanced KYC) - maximum limits.

Intermediate KYC is sufficient for the "account farming" scheme. The drop uploads a photo of their passport (or driver's license), takes a selfie, and then, following the operator's instructions, performs lively movements (blinking, head turning). In some cases, a short video selfie is required, but deepfake is not required for this — the drop does everything automatically.

Part 2. The "Family Farm" Scheme: Scaling Through Relatives

To bypass KYC and avoid AML systems, attackers have learned to scale horizontally — through the drop's relatives. Instead of one drop, you get their entire family.

2.1 How the scheme works

  1. Hire a "base drop." This is someone who agrees to a commission and is willing to bring relatives.
  2. Use relatives' data. The drop convinces his wife, brother, or parents to register accounts and complete KYC for a separate fee ($30-$50 per person). Ultimately, you end up with 5-10 accounts registered to different people but living at the same address.
  3. Withdraw through controlled accounts. You transfer cryptocurrency between accounts and then withdraw it to a shared wallet or cash.

2.2. Benefits and risks of the scheme

Advantages | Risks
Verification takes place without forged documents - exchanges will not reject it | The exchange's AML scoring links accounts by shared IP and residential address.
The accounts are "live", with real data | Exchanges may suspect family farming and block all accounts at once.
The drop controls its relatives, reducing the risk of being scammed. | If AML requests identity verification (video call), relatives may not be able to cope
Cash-out through relatives' bank cards looks legitimate | Exchanges may impose restrictions on withdrawals to common details

2.3. Reality 2026: AML systems are aware of family farms

In 2026, Binance and Bybit actively monitor such schemes. Their systems compare residential addresses, family connections, and activity patterns. If five people simultaneously transfer cryptocurrency from the same address to a single external wallet, this triggers an AML check. Exchanges may also request confirmation of the source of funds for family transfers if they suspect money laundering.

Part 3. Exchange AML Scoring: How Accounts Are Linked by IP and Device

Even if you hired 50 mules, without OPSEC compliance, you'll lose all your accounts. The main factors linking accounts are shared IP addresses, device fingerprints, and behavioral patterns.

3.1. Key Account Linking Signals

Modern exchanges use several levels of multi-accounting detection:

Signal | How is it checked? | Risk
IP address | Every login is logged. If 10 accounts log in from the same IP, they are all linked. | Built-in browser proxies like Surfshark or NordVPN typically have a data center IP and are unsuitable; use only residential proxies with mobile IPs.
Browser fingerprint | Canvas, WebGL, User-Agent, fonts, screen. | If they match, it's a red flag.
Behavioral patterns | Synchronized actions (e.g., clicking "buy" simultaneously). | If accounts make transactions at the same time, the exchange can link them into a cluster.
General details | One bank account for withdrawals from multiple accounts |
General geolocation | If 10 accounts are registered for one city (one address), but are not related |

Binance's official policy is one account per person, and multiple accounts are prohibited. If the exchange detects multiple accounts using the same device fingerprint or IP address, the system will mark them as "entity linking" and may suspend all accounts until the circumstances are clarified.

3.2. AML-linking bypass strategy

  1. Each account has its own device. Use different physical computers or emulators with a clean OS. At a minimum, use different virtual machines. If an emulator is detected, you lose everything. Use antidetect browsers (GoLogin, Octo Browser) to replace your fingerprint.
  2. Each account is its own residential proxy. IP addresses must not only be unique but also from different subnets, not from data center ranges.
  3. Proxy rotation. Don't use one proxy for two accounts.
  4. Asynchronous actions. Do not withdraw funds from all accounts at once.
  5. Different bank details. Do not withdraw to the same drop account.

Before working with drop accounts, be sure to check them through specialized fingerprint analysis services (Pixelscan, BrowserLeaks) to ensure that each profile appears to be a unique user with a completely different digital identity.

Part 4. Risk of being scammed: When a drop takes your money

The biggest risk when working with drops isn't AML, but human error. A drop can change its password at any time and withdraw funds to its own account.

4.1. Why are drops thrown?

  • Greed. Seeing $10,000 in the account, the drop realizes that a 20% commission ($2,000) is too little and takes it all.
  • External pressure. The police or scammers may contact the drop and force them to change their password.
  • Low control. The carder has no access to the account after verification.

4.2. How to minimize the risk

  1. Use the "partial payout" scheme. Withdraw funds from your drop account in increments of $500–$1,000, rather than $10,000 in one lump sum.
  2. Manage your account via the API. After verification, change your password and email, and link your phone number for 2FA. Drops should not have access to your account after verification.
  3. Use sub-accounts. Binance has official sub-accounts for institutional clients, but they are not available to retail traders. However, you can create a separate API key for a drop account without withdrawal rights.
  4. Deposit to a controlled wallet. Do not keep funds in the drop account for longer than 1 hour.
  5. Escrow services. For large amounts, use an escrow service — a third party that freezes funds until the terms are met.

Even with perfect OPSEC, a drop remains a weak link. In underground KYC markets, sellers warn buyers that accounts can be "reclaimed" by their real owners at any time. This is a clear indication of the risk of being scammed. If a drop decides to regain access through exchange support by providing their documents, the account will be blocked and all funds frozen.

Part 5. A Complete Checklist for Farming Accounts via Drops

  • Finding Drops: Search through Telegram channels, carder forums, and crypto communities. Verification costs $30–$100.
  • Family farming scheme: Recruit the drop's relatives. Farm them from different IPs and devices.
  • Verification: The drop undergoes KYC verification on the exchange (Binance, Bybit, OKX). You don't use deepfake — it's needed.
  • Access change: After verification, immediately change your password, email, and link your phone number (2FA). The drop should not have access to your account.
  • Account isolation: Each account has its own residential proxy and antidetect profile. Don't mix IP addresses.
  • AML bypass: Use different bank cards for withdrawals and different proxies for logins. Do not withdraw from multiple accounts to a single wallet.
  • Drop control: Use API keys without withdrawal rights for drop accounts. Do not keep funds in your account for longer than 1 hour.
  • Protection from being scammed: Use partial payouts, escrow, and never transfer more to a drop than they deserve.

Summary

Farming crypto exchange accounts through drops is the easiest and most reliable way to obtain verified accounts en masse. You don't waste time and money on deepfakes and don't risk being blocked due to fake documents. Drops with real IDs and live selfies pass verification without any problems.

The main risks are:
  • The exchange's AML scoring links accounts by shared IP addresses, fingerprints, and behavior. Isolation is the only way around this.
  • A scam drop — they'll change your password and take your money. This works by changing your access rights and making partial payments.

With proper OPSEC (each account has its own proxy, its own antidetect profile, its own bank card), you can create dozens of accounts on different exchanges and cash out millions through them without attracting attention. But remember: a drop is expendable. They live for 1-3 months, after which it's best to "burn" their account. And never keep funds in a drop's account longer than necessary for withdrawal.

A quick one-line reminder:
"A $50 drop gets an account with a 50 BTC limit. The "family farm" scheme gives 10 accounts per address. AML will link by IP – use antidetect and residential proxies. If a drop scams you – change your password and link your 2FA. Never keep funds in a drop's account for longer than an hour – withdraw immediately."
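
Seen from the detection side, the linking signals listed in Part 3.1 (shared IP, browser fingerprint, residential address, withdrawal details) reduce to clustering accounts that share any attribute value. The following is an added example, not part of the original post and not any exchange's actual logic; the field names and sample records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records; every value is made up for illustration.
ACCOUNTS = [
    {"id": "A1", "ip": "203.0.113.10", "fp": "fp-aa", "addr": "12 Example St", "payout": "W-1"},
    {"id": "A2", "ip": "203.0.113.10", "fp": "fp-bb", "addr": "12 Example St", "payout": "W-2"},
    {"id": "A3", "ip": "198.51.100.7", "fp": "fp-cc", "addr": "12 Example St", "payout": "W-1"},
    {"id": "A4", "ip": "198.51.100.99", "fp": "fp-dd", "addr": "9 Sample Rd", "payout": "W-9"},
    {"id": "A5", "ip": "192.0.2.5", "fp": "fp-ee", "addr": "40 Test Ave", "payout": "W-9"},
]
SIGNALS = ("ip", "fp", "addr", "payout")  # hypothetical field names

def link_accounts(accounts, signals=SIGNALS):
    """Union-find over accounts: any shared signal value joins two accounts."""
    parent = {a["id"]: a["id"] for a in accounts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    first_seen = {}             # (signal, value) -> first account carrying it
    reasons = defaultdict(set)  # account id -> signals it shares with others
    for acc in accounts:
        for sig in signals:
            key = (sig, acc[sig])
            if key in first_seen:
                other = first_seen[key]
                parent[find(acc["id"])] = find(other)
                reasons[acc["id"]].add(sig)
                reasons[other].add(sig)
            else:
                first_seen[key] = acc["id"]

    clusters = defaultdict(list)
    for acc in accounts:
        clusters[find(acc["id"])].append(acc["id"])
    # Only multi-account clusters are reported, with the signals that linked
    # them. A shared address alone is weak evidence (real households exist),
    # so the output feeds analyst review rather than automatic blocking.
    return [
        {"accounts": sorted(ids),
         "signals": sorted(set().union(*(reasons[i] for i in ids)))}
        for ids in clusters.values() if len(ids) > 1
    ]

if __name__ == "__main__":
    for cluster in link_accounts(ACCOUNTS):
        print(cluster)
```

A3 shares neither IP nor fingerprint with A1, yet lands in the same cluster through the address and payout wallet, which is why transitive linking catches accounts that per-signal rules miss.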