A new AI-powered cybercrime tool, allegedly sold by a darknet threat actor known as "Jinkusu," is designed to bypass Know Your Customer (KYC) verification systems at banks and cryptocurrency platforms using sophisticated deepfake and voice manipulation technology. The tool, highlighted in a Sunday X post by cybercrime tracker Dark Web Informer, uses AI for real-time face swaps via InsightFace to enable "fluid gesture transfers" and voice modulation to evade biometric checks.
Cybersecurity firm Vecert Analyzer detailed the kit's capabilities, warning it poses a direct threat to major exchanges like Binance, Coinbase, and Kraken. The emergence of such tools is a "wake-up call" for the industry, according to Deddy Lavid, CEO of blockchain security platform Cyvers. "As AI lowers the barriers to synthetic identity fraud, the front door will always remain vulnerable," Lavid told Cointelegraph, urging platforms to adopt a layered security approach combining identity verification with real-time AI monitoring.
The threat extends beyond simple identity forgery to live impersonation. Binance Chief Security Officer Jimmy Su had warned as early as May 2023 that improving AI algorithms would eventually be able to crack KYC systems using just a single picture of a victim. The new fraud kit also lowers the technical barrier for romance scams like "pig butchering," a scheme that reportedly led to crypto investors losing $5.5 billion across 200,000 flagged cases in 2024 alone.
Investigators link Jinkusu to the earlier release of the "Starkiller" phishing kit in February 2026. Unlike traditional kits, Starkiller creates a real-time reverse proxy using a headless Chrome browser inside a Docker container to load genuine login pages and relay user credentials directly to attackers. This points to a broader, modular "scam-as-a-service" ecosystem emerging, even as overall losses to crypto phishing attacks fell 83% in 2025.
