Previously, CertiK has done some research on the KYC black market, actor hiring, and KYC buying and selling. Various platforms, including Telegram and Discord, are selling KYC-verified Web3.0 exchange account services, including KYC actor buying and selling. People can't help but wonder whether such account buying and selling activities are also rampant on the dark web.

Our investigation of buying and selling KYC accounts suggests that this may not be the case: CertiK's analysis of fraudulent buying and selling of KYC accounts across 300 darknet markets revealed that only 4% were associated with Web3.0 KYC fraud ads.

Survey background introduction

KYC (Customer Background Check) is one of the legal procedures that financial service providers must follow when selling financial service products to customers. The rules require customers to prove their identity - the use of identity documents and other personal records allows financial institutions to better assess risk and monitor all types of financial crime, including fraud, money laundering, financing of terrorism-related activities, and embezzlement identity etc.

Depending on the nature of financial services, certain countries may require: collecting identity information of their customers, assessing customers by regularly updating identity documents, screening customer transactions and keeping tabs on key individuals, etc.

It may sound complicated, but just like us ordinary people applying for a loan, we all need to investigate our background, credit, etc. In fact, people who have used centralized exchanges are likely to be familiar with some of these practices. However, the semi-anonymous nature and relatively new nature of the Web 3.0 ecosystem makes it particularly difficult for traditional financial regulators to enforce KYC on the industry. This is due to a variety of reasons, including the fact that many exchanges are located in jurisdictions with relatively loose financial regulations, and most of these jurisdictions fail to supervise financial platforms in accordance with internationally harmonized standards.

The current regulatory environment is likely to create opportunities for bad actors to use centralized exchanges (CEX) to launder and transfer funds. One of the methods used to launder money is through fraudulent KYC accounts to obtain funds.

You can read by"Dialogue with underground group "KYC" actors, unveiling the veil of fake KYC industry chain"This article for more information. This investigation focuses primarily on fraudulent KYC sales on Telegram, Discord, and other social media sites (hiring actors etc. to try to fraudulently pass KYC verification, etc.). However, we also wanted to gain a deeper understanding of how much of this activity is happening on darknet markets.

Darknet markets are often associated with criminal services, including selling stolen data, credit card information, malware, hackers for hire, buying and selling drugs and weapons, and even human organs.

Analyzing KYC sales on darknet markets

Researching on the dark web can be difficult. Research must be conducted using a special browser, or configured to access another web browser. The browser allows people to visit website URLs that end with the extension .onion. But these URLs often "come and go," and often cease to be active when domain owners move their online locations for security purposes. This makes accessing and investigating dark web markets much more complicated than it might appear on the surface. A URL that is "in" today can be replaced by an invalid URL tomorrow.

image description

Number of active and inactive links in darknet market databases

Only 27% of the links in this database are valid links. In markets where KYC accounts or KYC services are sold, the number of active links is only 4% of the total.

Not only is the number of ads for CEX accounts hosting KYC rather low, but the total number of ads on each platform is also low. The graph below shows the distribution of vendors related to the sale of KYC services across all markets.

We looked at the three most active ads and vendors by total number of ads listed so far, including Nemesis, MGM Grand, and Ares, with more than 10 ads in each market. Although these marketplaces have the highest number of ads, about half of them are incomplete links or are reposts from the same vendor.

image description

Example ad for Paxful.com KYC account Source: Ares Market

image description

Live KYC Actor Ads on the Dark Web

Summarize

Summarize

In general, the KYC CEX account buying and selling market on the dark web does not seem to be large, and it is basically irrelevant statistically to the overall amount of fraud in the industry.

So we may continue to see this kind of KYC buying and selling activities dominate on Telegram and Discord, after all, these channels are already heavily used and occupied by Web3.0 individuals and projects. These social platforms are not only easier to access than darknet markets, but also the "residents" of most Web3.0 enthusiasts. Their ease of use undoubtedly creates greater convenience for criminals.