New AI cybercrime tool targets crypto, bank KYC systems via deepfakes

A darknet threat actor is selling new fraud kit to trick KYC identity verification systems on financial platforms via AI-generated deepfakes and real-time voice altering.

A threat actor known as “Jinkusu” is allegedly selling cybercrime tools designed to bypass Know Your Customer (KYC) checks at banks and crypto platforms.

The tool uses deepfakes and voice manipulation to trick KYC verification systems on finance platforms, cybercrime tracker Dark Web Informer wrote in a Sunday X post.

Cybersecurity company Vecert Analyzer added that Jinkusu uses AI for real-time face swaps via InsightFace for “fluid gesture transfers,” along with voice modulation to evade biometrics.

The emergence of deepfake tools is a “wake-up call” for the industry, as it highlights the shortcomings of KYC verification systems, according to Deddy Lavid, CEO of blockchain security platform Cyvers.

“As AI lowers the barriers to synthetic identity fraud, the front door will always remain vulnerable,” Lavid told Cointelegraph, urging platforms to adopt a layered security approach combining identity verification with real-time AI monitoring.

Binance chief security officer Jimmy Su highlighted the growing threat of deepfake technology back in May 2023.

He warned that improving AI algorithms will be able to crack KYC identity systems by using a single picture of the victim.

Related: Revolut confirms ex-employee threatened to leak KYC data for crypto ransom

The new fraud kit also enables scammers to run romance scams, such as “pig butchering,” with no technical knowledge.

Crypto investors lost $5.5 billion to 200,000 flagged pig butchering cases in 2024.

The author of the new fraud package, Jinkusu, is suspected to be the same threat actor who released the phishing kit Starkiller in February 2026.

Unlike traditional, HTML-based phishing kits, Starkiller creates a real-time reverse proxy by creating a headless Chrome browser inside a Docker container, loading the genuine login page of the target brand and relaying all user input, including login and passwords, to the threat actor, explained cybersecurity platform Abnormal, in a Feb. 19 report.

While losses to crypto phishing attacks fell 83% in 2025, malicious crypto wallet drainer scripts remained active and new malware continued to emerge, Scam Sniffer said in a January report.

Magazine: Everybody hates GPT-5, AI shows social media can’t be fixed

Source: CoinTelegraph