A cybercriminal known as “Jinkusu” is allegedly selling a fraudulent tool that bypasses financial KYC checks using advanced AI deepfakes. According to dark web trackers, the kit manipulates faces and voices in real-time to trick verification systems on crypto and banking platforms. One security CEO warned this highlights the vulnerabilities of existing KYC processes and necessitates a layered security approach.
A threat actor known as “Jinkusu” is allegedly selling cybercrime tools designed to bypass Know Your Customer checks at banks and crypto platforms. The tool uses deepfakes and voice manipulation to trick KYC verification systems on finance platforms, stated Dark Web Informer.
Cybersecurity company Vecert Analyzer added that Jinkusu uses AI for real-time face swaps via InsightFace for “fluid gesture transfers,” along with voice modulation to evade biometrics. The emergence of deepfake tools is a “wake-up call” for the industry, as it highlights the shortcomings of KYC verification systems, according to Deddy Lavid, CEO of blockchain security platform Cyvers.
“As AI lowers the barriers to synthetic identity fraud, the front door will always remain vulnerable,” Lavid said, urging platforms to adopt a layered security approach combining identity verification with real-time AI monitoring. In May 2023, Binance chief security officer Jimmy Su warned that improving AI algorithms would be able to crack KYC identity systems using a single picture of a victim.
The new fraud kit also enables scammers to run romance scams, such as “pig butchering,” with no technical knowledge. Crypto investors lost an estimated $5.5 billion to 200,000 flagged pig butchering cases in 2024.
The author of the new fraud package, Jinkusu, is suspected to be the same threat actor who released the phishing kit Starkiller in February 2026. The cybersecurity platform Abnormal explained in a Feb. 19 report that Starkiller creates a real-time reverse proxy by creating a headless Chrome browser inside a Docker container.
While losses to crypto phishing attacks fell 83% in 2025, malicious crypto wallet drainer scripts remained active and new malware continued to emerge, Scam Sniffer said in a January report. The kit loads the genuine login page of a target brand and relays all user input, including login and passwords, to the threat actor.
