Monday, April 6, 2026

AI deepfake toolkits let fraudsters bypass bank and crypto KYC, industry reports show

Low-cost AI fraud kits are no longer a fringe threat. What used to require specialized technical skill can now be bought cheaply and deployed quickly against banks and crypto platforms. Since late 2025, attackers have been using synthetic media, forged documents, and proxy tools to break through biometric and document checks that were supposed to serve as the first line of defense in digital onboarding.

The practical danger is speed. Fraudsters can now feed deepfake video and generated identity records into live verification flows within minutes, weakening both customer onboarding and anti-money-laundering controls. That shift has made account takeovers and synthetic-identity fraud more scalable across financial services, including both traditional institutions and digital-asset platforms.

Cheap tools are making advanced fraud widely accessible

The economics of the problem are striking. Some of the kits used in these attacks reportedly cost only about $300, bringing sophisticated identity fraud within reach of far less experienced actors. Tooling identified in the reporting includes malware suites such as ProKYC and Starkiller, both linked to an actor calling itself Jinkusu, and the techniques have been associated with attacks affecting platforms such as Bybit, Stripe, and Revolut.

The attack model is built around layering several AI capabilities together. Criminals are generating photoreal faces, fabricating identity documents, and producing deepfake video and audio that can imitate normal gestures and speech during verification. Instead of relying on static fake files alone, they are pushing this media through virtual-camera plugins or reverse proxies directly into live KYC systems, sidestepping many of the liveness and anti-injection controls those systems were designed to enforce.

The result is not theoretical. One toolkit was reportedly able to complete a successful bypass in as little as five minutes, showing how little time firms may have to detect and stop a fraudulent onboarding attempt. Proxy phishing tools make the situation even worse by harvesting real credentials, which can then be used either for direct account takeover or to support a synthetic identity operation with pieces of legitimate user data.

Losses are already mounting, and the pressure is growing

The financial damage is already visible. Deepfake-enabled fraud accounted for more than $200 million in losses in the first quarter of 2025, while the cryptocurrency ATM sector recorded a 33% rise in losses over the course of 2025. Metrics cited in the source material also suggest that AI-enhanced fraud is materially more effective than older attack methods, which means the scale of losses may accelerate as the tools become easier to distribute.

The warning from policy and security circles is becoming more direct. The World Economic Forum described identity as “synthetic, scalable, and weaponizable,” a phrase that captures how quickly this threat has evolved from isolated deception into a broader infrastructure problem. That is why the conversation is shifting away from whether legacy KYC controls are still useful and toward whether they can survive in their current form without major reinforcement.

For financial institutions and crypto platforms, incremental fixes are unlikely to be enough. Static, siloed onboarding checks are proving too weak against attackers who can combine media generation, credential theft, and live feed injection in a single workflow. A more credible response will require layered defenses that include media forensics, injection detection, continuous monitoring, coordinated threat intelligence, and stronger governance around vendors and procurement.

The operational roadmap is already beginning to take shape. Eric Huber of TD Bank argued that firms should appoint an AI lead within a week, map their attack surface within three months, and update risk frameworks and technology within six months. That timeline reflects the urgency of a threat that is no longer emerging, but already active and producing measurable losses across financial services.
