Fraud tools that bypass know-your-customer (KYC) systems on financial platforms using AI deepfakes and real-time voice alteration are being sold on the darknet, Cointelegraph reported on Sunday.

Dark Web Informer, a cybercrime tracking service, said a seller known as Jinkusu is offering tools that deceive KYC verification systems at banks and cryptocurrency platforms. Security firm Vecert Analyzer said the tool evades biometric authentication through real-time face swaps using InsightFace and voice alteration.

Dedy Raviv (데디 라비드), CEO of blockchain security platform Cyvers, said, "As AI lowers the barrier to entry for synthetic identity fraud, the front door of platforms always remains vulnerable." He said a multi-layered security approach is needed that combines identity verification and real-time AI monitoring.

Binance Chief Security Officer Jimmy Su (지미 수) previously warned of deepfake threats in May 2023. He said advances in AI algorithms would make it possible to break through KYC systems with just a single photo of a victim.

Jinkusu is suspected of being the same person who unveiled the phishing kit Starkiller in February 2026. Unlike existing HTML-based phishing kits, Starkiller runs a headless Chrome browser inside a Docker container, displays the real login page as it is, and steals user input information in real time.