A threat actor named ‘Jinkusu’ is allegedly selling AI-powered cybercrime tools that exploit deepfakes and voice manipulation to bypass Know Your Customer (KYC) protocols at banks and crypto exchanges.
The tool uses real-time face swapping via InsightFace and voice modulation to deceive biometric verification systems. Cybersecurity firm Vecert Analyzer confirmed the use of these techniques.
Source: Dark Web Informer
Blockchain security expert Deddy Lavid warns this marks a significant vulnerability in current identity verification systems. He recommends adopting layered security measures combining identity checks with real-time AI monitoring.
Binance’s security chief Jimmy Su had previously noted that AI could breach KYC systems with just a single photo. These tools also enable scam operations like ‘pig butchering,’ where victims lose $5.5 billion in 200,000 cases in 2024 alone.
Jinkusu is suspected to be the same actor behind the ‘Starkiller’ phishing kit, which uses reverse proxy techniques to mimic legitimate login pages. While crypto phishing losses dropped 83% in 2025, new threats continue to emerge.
Starkiller phishing-as-a-service malware. Source: Abnormal.ai