Your Selfie Just Got Hijacked: Jinkusu's Deepfake Kit Turns KYC Into a Bad Dream
A threat actor going by the name "Jinkusu" is now selling cybercrime tools designed to bypass Know Your Customer checks at banks and crypto platforms. The tool leverages deepfakes and voice manipulation to trick KYC verification systems on financial platforms, according to cybercrime tracker Dark Web Informer. Because apparently, sending a blurry selfie of yourself holding a handwritten sign wasn't enough of a security theater spectacle—now AI can just steal your face entirely and go to town.
Cybersecurity company Vecert Analyzer noted that Jinkusu uses AI for real-time face swaps via InsightFace for "fluid gesture transfers," along with voice modulation to evade biometrics. That's right, folks—your biometric data just got dumped on the same internet where people still use "password123" and wonder why their wallet's empty.
The emergence of these deepfake tools is a "wake-up call" for the industry, highlighting the shortcomings of KYC verification systems, according to Deddy Lavid, CEO of blockchain security platform Cyvers. "As AI lowers the barriers to synthetic identity fraud, the front door will always remain vulnerable," Lavid told Cointelegraph, urging platforms to adopt a layered security approach combining identity verification with real-time AI monitoring. Translation: the old "send us a selfie or GTFO" method is about as useful as a screen door on a submarine.
Binance chief security officer Jimmy Su flagged the growing threat of deepfake technology back in May 2023, warning that improving AI algorithms would eventually crack KYC identity systems using just a single picture of the victim. Three years later, here we are, watching Jinkusu prove him right while the industry collectively shrugs.
The new fraud kit also enables scammers to run romance scams like "pig butchering" with zero technical knowledge. Crypto investors lost $5.5 billion to 200,000 flagged pig butchering cases in 2024. That's $5.5 billion gone to people who thought their online girlfriend really cared about them and their pension fund.
Jinkusu is suspected to be the same threat actor behind the phishing kit Starkiller, released in February 2026. Unlike traditional HTML-based phishing kits, Starkiller creates a real-time reverse proxy by running a headless Chrome browser inside a Docker container, loading the genuine login page of the target brand and relaying all user input—including login credentials and passwords—to the threat actor, explained cybersecurity platform Abnormal. It's basically a man-in-the-middle attack wearing a suit and holding the door open for you to walk into your own demise.
While losses to crypto phishing attacks fell 83% in 2025, malicious crypto wallet drainer scripts remained active and new malware kept emerging, Scam Sniffer reported in January. So sure, the punch bowl got taken away—but someone spiked the water supply.