Cryptocurrency exchange OKX faces scrutiny as investigative journalist Joseph Cox reveals alarming flaws in its identity verification process. Cox managed to create a verified account using false identification and passports, raising questions about the platform's lax know-your-customer (KYC) and anti-money laundering (AML) procedures.
The ability to establish and verify a fake identity across multiple platforms highlights a systemic failure in the regulations governing digital financial institutions. Despite the commonality of fake IDs, OKX's vulnerability to such manipulation suggests a significant lapse in KYC/AML protocols.
Protos, following Cox's revelation, engaged with OKX's customer support on Telegram. Rather than addressing the serious concerns raised, the support dismissed Cox's findings as "fake news" and shockingly admitted that no real KYC/AML checks occur during account creation or fund deposits.
In traditional financial institutions, rigorous identity verification processes precede any fund deposits, a measure to prevent money laundering and the entry of illicit funds. OKX's failure to implement such measures contradicts industry standards.
According to OKX's customer support, KYC/AML checks only come into play when users attempt to withdraw funds. This revelation aligns with a prevailing theory on Twitter and Reddit, suggesting that many crypto exchanges prioritise KYC/AML only during withdrawal attempts, hindering users from moving or withdrawing their funds easily.
Contrary to the support's attempt to downplay the situation, it appears to shed light not only on OKX's deficiencies but also on a potential industry-wide disregard for effective KYC/AML implementation. The support's argument that "every exchange all over the world does KYC/AML" in a similar manner does not absolve OKX of its responsibilities.
As reported by Coinlive last year, within Binance's official Chinese chatrooms, Binance employees and Binance Angels have been sharing techniques with users to circumvent Binance's Know Your Customer (KYC) and verification systems. These methods include forging bank documents and providing false addresses.
Screenshot of a Binance Angel guiding a Chinese user on how to sign up for an account while in China on Binance’s Discord channel. (Source: ABMedia)
Binance Angels, who are Binance-trained volunteers, seem to frequently assist Chinese users in the registration process, even suggesting the use of a VPN to bypass restrictions and register with an overseas email as a "Taiwan resident" before switching nationality back to Chinese. It's important to note that such activities go against standard KYC and regulatory procedures, raising concerns about the integrity of Binance's user verification processes.
In the domain of cryptocurrency exchanges, several platforms founded by Chinese nationals, such as Huobi, Binance, and OKX (collectively referred to as HBO), have exited China due to regulatory challenges. They have been prohibiting mainland Chinese users from accessing and registering for their services.
Over the past two years, Bybit and Bitget have also withdrawn from China due to regulatory issues. So, what happened to the user base these platforms had built up?
Users were forced to withdraw their funds and leave, however, some sought ways to continue trading by passing the KYC verifications.
Alan Zhang, a senior crypto trader in Guangdong, has assisted numerous Chinese users in completing KYC verifications on various platforms after certain exchanges blocked mainland Chinese users.
According to Zhang, the most legitimate method involves registering an offshore BVI company and using its documents for KYC verification to trade successfully. He explained,
"The registration fee for a BVI company can be as high as $1,000 USD. Registering a UK company is cheaper, around $200 USD, but it's more troublesome due to annual audits and credit record entries. I've helped many people register foreign companies. For some big players, this is an essential need."
He also further shared that,
"But what I'm most grateful for is Taobao. Once, I successfully organised a group purchase of hundreds of driving licences from a Southeast Asian country, at a very affordable price of $100 USD per licence. And all I needed was to spend 20 RMB on Taobao to Photoshop one. These driving licences can pass the KYC on some exchange platforms."
Zhang revealed to Coinlive, "There have always been rumours that KYC verification teams at several Chinese-founded exchanges like Binance and OKX are colluding with external parties to make money. They not only accept fake documents but also pass the verification on the same day."
A former head of KYC at one exchange, who wishes to remain anonymous, told Coinlive, "Many clients provided genuine documents, but it would still take at least a week. I'm certain of this because I submitted my compliant BVI company's documents following the official process and waited two weeks for the verification."
"I didn't want my company and colleagues to know it was my personal account, but I checked the KYC verification backend many times a day, and I saw many accounts being verified on the same day," he said. "I don't want to blame anyone because I don't know which officer from the upper management, or boss, personally clicked the approval button."
In addition to enlisting traders like Zhang to aid in the KYC process, the creation of fake IDs has undergone a significant transformation with the advent of OnlyFake, an underground website harnessing advanced technologies such as neural networks and generators. The traditional method of manually crafting fake IDs with tools like Photoshop is now being replaced by a more efficient and accessible approach with just $15.
Instant Fake ID Generator: Customise details, upload a photo, and hit generate for a personalised ID in minutes. (Source: X.com @josephfcox)
Example of a fake ID. (Source: 404 MEDIA)
OnlyFake represents a significant advancement in the realm of fake IDs, moving away from manual craftsmanship towards automated generation using neural networks and sophisticated algorithms. This shift in technology poses challenges for online security and identity verification systems, potentially facilitating criminal activities such as bank fraud and money laundering.
The lax KYC/AML practices revealed at OKX underscore the urgent need for regulatory authorities to strengthen oversight of cryptocurrency exchanges. This incident raises concerns not only about OKX but also about the broader industry's commitment to preventing illicit financial activities. It's a call to action for regulators to ensure the robust implementation of KYC/AML protocols, safeguarding the integrity of the entire cryptocurrency ecosystem.
OnlyFake, an underground website, uses advanced neural networks to create lifelike fake IDs, challenging cybersecurity and ID verification, and posing significant risks to financial and online security.
MiyukiBinance unveils "Inscriptions Marketplace" for seamless trading and minting of BRC-20 and EVM tokens. Integration with Binance Web3 Wallet enhances user experience, reinforcing Binance's position in the cryptocurrency ecosystem.
EdmundBinance discontinues BUSD support, prompting users to take immediate action. This strategic move aligns with the exchange's commitment to adaptability in the dynamic crypto landscape.
Huang BoThe new IDs are set for release this month.
AlexJPMorgan Chase is saying tough luck to a customer after the bank handed tens of...
dailyhodlTokocrypto CEO will step down and 58% of staff to be laid off as part of the deal, says Tokocrypto spokesperson.
Coindesk
Coinlive Why did FTX request for an Emergency Mobilisation of $560 Million?
TristanChangpeng Zhao (CZ), CEO of cryptocurrency exchange Binance mentioned that customers who have crypto on WazirX should transfer it to ...
Bitcoinist
Nulltx