Good Carder
Professional
- Messages
- 938
- Reaction score
- 532
- Points
- 93
Introduction: Cryptocurrencies as a New Financial Ecosystem
With the rise of cryptocurrency, payment systems — from centralized exchanges to decentralized protocols — have become the target of sophisticated attacks. Binance, Bybit, OKX, and other platforms have implemented multi-tiered KYC (Know Your Customer) systems, requiring users to provide passport scans, selfies, and sometimes even address verification.However, as numerous incidents have shown, no KYC system in the world is invulnerable, especially in the era of the widespread use of generative neural networks and deepfake technologies. By May 2026, Binance reported that its AI systems had prevented the loss of $10.53 billion, but the number of successful fraud attempts continues to grow, and carders are refining their evasion methods every day.
In this article, I will examine:
- How modern KYC systems work and where their weaknesses lie.
- Technologies for creating fake documents and deepfake verification.
- How the underground verified account market operates.
- Strategies for using no-KYC exchangers and transaction cascading.
- Blockchain analysis tools and anti-tracking methods.
Part 1. The Current State of KYC: Architecture and Vulnerabilities
1.1. Standard KYC procedures on centralized exchanges
Most major crypto exchanges (Binance, Bybit, Coinbase, OKX, Kraken) use a three-tier verification system:| Level | Requirements | Unlockable Opportunities |
|---|---|---|
| Basic (Level 1) | Email address, phone number | Withdrawal up to 0.06 BTC per day |
| Advanced (Level 2) | Scan of ID (passport/driver's license), selfie | Withdraw up to 100 BTC per day, fiat transactions |
| Full (Level 3) | Proof of address (utility bills, bank statements) | Corporate access, increased limits |
Each stage, especially the second, presents a target for attackers. Here, they must provide a fake ID and a live selfie that matches the image in the document.
1.2. Built-in protective mechanisms
Modern KYC providers (Onfido, Sumsub, Jumio, Shufti Pro) use complexes of more than 5 independent checks:- MP3 (Machine Readable Zone) passport - checksum validation.
- Matching a face on a document with a video selfie (facial recognition).
- Analysis of photo metadata (GPS, creation date, originality).
- Checking against government databases (in countries with digital IDs).
- Liveness detection – identifying counterfeit products by recognizing facial micro-movements.
Binance has upgraded its AI systems to combat deepfakes and synthetic identities, achieving, according to its data, a 100x increase in operational efficiency compared to traditional manual processing methods. However, as real-world examples show, these systems are not impenetrable.
1.3. Top Vulnerabilities in 2026
- Automated systems are vulnerable to photorealistic counterfeits. Tools like OnlyFake create fake passports in seconds, complete with metadata (GPS, device), completely bypassing basic automated checks.
- Lack of a unified verification standard across countries. Exchanges often exploit "weak links" — countries where IDs can be obtained remotely or where databases aren't integrated with global verification systems.
- Human factor. Compliance officers who visually inspect documents can be deceived by well-executed forgeries.
Part 2. AI-based KYC falsification: deepfake documents and videos
2.1. Generating Fake Documents
In 2026, fake ID generation technologies reached a level where automated systems could no longer distinguish fakes from real ones.Example 1: ChatGPT-4o vs. Binance and Revolut.
In April 2025, Polish researcher Borys Museljak demonstrated that ChatGPT-4o could create a convincing fake passport in just 5 minutes, which passed automated KYC checks on Revolut and Binance. Museljak emphasized that traditional verification methods based on photos or selfies are no longer reliable in the era of generative AI.
Example 2: OnlyFake – Mass ID Fake for $15.
In February 2024, OnlyFake was discovered generating fake IDs and passports from 26 countries for $15, which successfully bypassed KYC checks on OKX, Kraken, Bybit, Huobi, and PayPal. A Revolut representative acknowledged that this is an "industry-wide problem." Later, AI tools like OnlyFake began to fake not only images but also metadata, including GPS coordinates and device information.
2.2. Deepfake video for liveness detection
The most serious threat comes from tools capable of real-time face swapping during video verification.ProKYC Tool (2024):
The ProKYC toolkit creates an artificial face, embeds it in a fake ID template, and then generates a deepfake video that successfully passes facial recognition checks on exchanges, including Bybit. A built-in voice module allows for the synchronization of speech and facial expressions. Cato Networks specialists noted that this tool significantly increases the potential for New Account Fraud (NAF) — a fraudulent method of creating new accounts.
JINKUSU CAM Tool (2026):
JINKUSU CAM, currently in development as of April 2026, is a real-time deepfake kit for bypassing KYC on Binance, Coinbase, Kraken, and OKX.
Technical capabilities:
- Face swap on GPU — real-time face swapping using InsightFace frameworks.
- Audiovisual synchronization — speech generation with the ability to change timbre, pitch, and accent to suit the chosen personality.
- Support for virtual cameras via OBS and integration with browsers and Android emulators.
- Facial expression recognition and synchronization with the face using GFPGAN and expression tracking.
Jinkusu, a JINKUSU CAM vendor known as Jinkusu, who sells his kit on the dark web, is believed to be affiliated with the developer of the Starkiller phishing tool, which ran headless browsers in Docker containers to spoof legitimate web pages in real time.
2.3. The full cycle of creating a fake KYC identity
- Collecting baseline data from open sources (e.g., a photo of the victim from social media) or generating a synthetic face using StyleGAN or another generative adversarial network.
- Generating an ID template using AI tools (ChatGPT-4o for content, OnlyFake for layout and metadata).
- Generate deepfake videos using ProKYC or JINKUSU CAM, which simulates facial movements and voice.
- Completing the KYC procedure in real time.
- Obtain a fully verified account with Level 2 or Level 3 status without using real documents.
Part 3. The Market for Ready-Made KYC Accounts
3.1. Economics and scale of the underground market
As of April 2026, thousands of verified Binance accounts are sold daily through dark forums, messaging apps, and darknet marketplaces. Prices vary depending on the verification level, jurisdiction, and withdrawal limits.Typical black market prices (2026):
| Account type | Level | Country of registration | Average price |
|---|---|---|---|
| Basic verified | Level 2 (ID+selfie) | US / UK / EU | $80–150 |
| Premium Verified | Level 3 (address) | US / EU | $250–500 |
| Account with history (aged) | Level 2+ | Any OECD | $500–2000 |
3.2. How carders obtain accounts
- Phishing campaigns targeting real users. In 2026, massive phishing attacks were recorded, with carders exploiting all available communication channels.
- Purchasing IDs from Leaked Databases. Leaked documents from the last three to four years are still being sold on dark web forums.
- Stealing session cookies and tokens through malware and browser extensions. Carders can regain full access to an already verified account without having to go through KYC again.
- Social engineering, including mass mailings to phone numbers, where carders first check the victim's account through the password recovery function on the Binance website.
3.3. Risks of purchasing ready-made accounts for the end user
Binance uses sophisticated, combined detection methods. If the system detects that an account has been bought or resold, the exchange "permanently freezes both the buyer's and seller's accounts". Attempts to buy a verified account almost always result in a loss of funds and a permanent ban.Meanwhile, ordinary users who turn to shady services after repeatedly failing to verify legitimate accounts (due to poor photo quality, expired documents, or technical errors) fall victim to carders who steal their funds and personal data without any guarantee of account functionality.
Part 4. Cascading Strategies: No-KYC Exchangers
4.1. How no-KYC exchangers work
Platforms like ChangeNOW, Godex, and StealthEX require no registration and allow you to anonymously exchange one cryptocurrency for another, accepting funds directly from a non-custodial wallet rather than an exchange account. In most cases, KYC is not required, except in cases where automated AML/CFT monitoring systems are triggered by large transactions, suspicious chains, or law enforcement inquiries.4.2. Limits and "invisible triggers" for AML requests
ChangeNOW:- KYC is not technically required, but transactions over €2,000 often trigger AML procedures: the platform may freeze the exchange and request verification. The ChangeNOW team reserves the right to request KYC at any time if illegal activity or money laundering is suspected.
- Exchanging Monero (XMR) cryptocurrency is more likely to trigger AML checks than exchanging "clear" crypto assets with a transparent chain.
StealthEX:
- Crypto exchange without KYC, but fiat purchase transactions over $700 require verification. Essentially, "optional KYC" can be enabled at any time at the system's discretion.
Godex:
- It was originally designed as a platform that completely forgoes KYC. A verification process may be initiated for transactions exceeding standard limits. There are no strict withdrawal limits, but the system reserves the right to impose them.
4.3. Common cascading scheme
- BTC from a compromised wallet → ChangeNOW → XMR (Monero)
- XMR → Godex → LTC/BCH (less traceable coin with higher transaction speeds) → fiat via a private seller on a p2p platform without KYC
Using Monero in the middle of the chain makes tracking extremely difficult, as it combines three privacy mechanisms: ring signatures, stealth addresses, and confidential transactions. In early 2026, Monero reached an all-time high of around $790, confirming the high market demand for absolute privacy.
Part 5: Blockchain Analysis and Transaction Hiding Tactics
5.1 How Chain Analysis Works
Blockchain analysis is a method for tracking the flow of cryptocurrency between wallets using clustering, heuristics, and AI algorithms. Centralized exchanges use AI tools to flag transactions with a "history of contamination" from known criminal wallets. Such flagging can lead to funds being blocked when attempting to transfer them to a legitimate exchange without first "cleaning" them.The main tracking methods are:
| Method | Description | Vulnerability to attackers |
|---|---|---|
| Address clustering | Grouping addresses belonging to one wallet | Can be broken by complex cascading schemes using multiple crypto assets |
| Transaction graph analysis | Building translation networks and searching for suspicious patterns | Requires significant computational resources for very long chains |
| Heuristics "Common Change" | Find addresses that receive the same amount of coins after sending from the same wallet | Can be bypassed by using multiple outputs in a single transaction and random amounts |
| AI-based time window analysis | Matching the input and output times of mixers | Broken by large delays and randomized time windows |
5.2. Monero Architecture – The Current Privacy Standard
As of 2026, Monero (XMR) remains the undisputed leader in privacy among cryptoassets. Its technological foundation consists of three main components:- Ring signatures — the signature of the person who initiated the transaction is mixed with several random signatures from the blockchain's history, forming a "ring." An observer cannot determine which of the ring participants initiated the transaction.
- Stealth addresses — a unique, one-time address is generated for each transaction, so an observer cannot link multiple transfers to a single recipient.
- RingCT (Ring Confidential Transactions) — a technology that hides the transfer amount using cryptographic protocols, but still allows for verification of the correctness of the transaction.
Further improvements, such as Full-Chain Membership Proofs (FCMP++), implemented in 2024, strengthened the mathematical indistinguishability of transactions. At the beginning of 2026, Monero accounted for over $51.8 billion in locked assets in private pools.
5.3. Practical methods for bypassing tracking
To most effectively bypass blockchain analytics, combinations of the following methods are used in practice:- Using Monero. Monero is a key link in breaking the transparent chain.
- Sub-addresses and "churning" - sending Monero multiple times between your own wallets using different ring sets and delays of up to 24 hours.
- Atomic Swaps are a decentralized exchange of one cryptocurrency for another, without intermediaries and without leaving a record of the wallet connection.
- Using the Lightning Network, micropayments are not recorded on the main blockchain and are virtually untraceable by traditional explorers.
- Partial withdrawal to fiat through private P2P sellers - selling small amounts (less than $1000) to individuals in cash or through payment systems that do not require KYC.
Conclusion
The underground market for verified accounts and their creation methods using generative neural networks pose a serious threat to the financial system. A single AI tool for forging a document or creating a deepfake video is now sufficient to pass KYC and gain full access to exchange accounts. However, multi-layered KYC systems, combined with human oversight and the use of hardware data (passport NFC chips, eSIM linking), significantly raise the barrier to entry for carders.The article's key findings:
- KYC is no longer an absolute barrier. In 2026, numerous cases of successful KYC bypasses were recorded on major exchanges using fake documents and AI-generated deepfake videos.
- The verified account market is thriving, but extremely dangerous. Purchasing a ready-made account often results in lost funds and criminal prosecution.
- Proper cascading of crypto assets using Monero and no-KYC exchanges creates serious obstacles to classical chain analysis.
- Complete anonymity is unattainable. In 2026, even Monero isn't completely untraceable (AI analysis technologies are emerging), but the level of complexity proves insurmountable for the average investigation.
- Researching these techniques is key to blocking them. Without a deep understanding of modern KYC bypass methods, it's impossible to build an effective defense against them.
A quick one-line reminder:
"In 2026, no ID is authentic without hardware verification, no account is secure without behavioral analysis, and privacy requires unstructured, long chains with exchanges and waits of several days between links.
