Original Author: angelilu, Foresight News

“The service is not supported in your area.”

I don't know how many times I have seen this line. This time, I am fully prepared - I took out my passport, took a front-facing photo in front of the camera, took a back-facing photo, switched to selfie mode, took a photo holding my ID, and followed the prompts on the page to nod, shake my head, and blink. The whole process took about ten minutes, and I was more thorough than last time. Then the page redirected, displaying “Submission successful, waiting for approval.”

I waited three days. On the fourth day, I refreshed, and the status was still “Under review.” The withdrawal function was frozen, with the reason being “Waiting for identity verification to be completed.” The subscription window for the project I wanted to participate in was closing in forty-eight hours.

Or maybe there was no waiting at all - the IP address recognized before action was taken simply popped up that line: “The service is not supported in your area.” No explanation was given, no appeal channel, nor was I told what else I could do. It’s not that I don't want to cooperate; it’s that I don’t even qualify to cooperate.

This may be a situation that both you and I often encounter, a common wall in the crypto industry: KYC, Know Your Customer. KYC is the heaviest part of the term “compliance”: you have to prove you are you to get in.

Over the past five years, some mainstream exchanges have gradually outsourced KYC to commercial identity verification systems like Sumsub and Jumio, resulting in compliance costs being “productized”, becoming a continuous expense. For leading platforms, these expenses have reached millions to tens of millions of dollars.

Several industry practitioners in the crypto payment sector told Foresight News that the industry still relies heavily on third-party service providers like Sumsub and Jumio for KYC, which have obvious advantages in global data coverage and compliance capabilities.

However, as trading volumes expand and risk control needs increase, some leading institutions have begun exploring a hybrid model of “self-built risk control + third-party KYC” to achieve a better balance between costs, approval rates, and risk control.

However, no matter how high this wall is built, the underground market has already set its own pricing. On the other side of this wall, there exists a complete underground industry chain, specifically aimed at penetrating this system at a low cost. The cost to penetrate it is 20 USDT - covering the entire verification process required by exchanges: uploading a passport or driver's license, facial recognition, proof of residence, all packaged and delivered at once.

500,000 People, an Untracked Market

Following the principle of “policies from above, countermeasures from below,” I began searching for “Web3 KYC” online, and what popped up were not tutorials, but rather warnings.

CertiK's 2023 report scanned over 20 underground KYC markets and found that the total number of participants exceeded 500,000, specialized in buying and selling various verified accounts on platforms, centered in Southeast Asia, with group sizes ranging from 4,000 to 300,000 people.

The cybersecurity company ZeroFox previously reported that over one million KYC account sales posts were found on public forums and Telegram within a year, involving mainstream compliant exchanges like Coinbase Pro and Kraken, with prices ranging from $150 to $500.

CoinDesk conducted an investigation that directly spent money to buy several accounts for verification. Each account came attached with the real user's name, home address, birth date - accounts of U.S. residents even included social security numbers. Then they searched the public database and found four real individuals whose information matched exactly with the account details, sending written notifications to them. Their reactions were indeed unaware, not realizing that their names were linked to the account of a stranger, while the password for that account had never been set by them.

On a technical level, the situation is also deteriorating. According to Sumsub's 2025 identity fraud report, deepfake attacks have grown more than 2000% over the past three years, now accounting for about 1/15 of all identity fraud attempts.

The attack path has formed a three-layer structure:

• The lowest layer uses high-resolution screens with polarizers to eliminate reflections, making the “playing video” image optically close to actual filming;
• The second layer is HOOK injection attacks, directly hijacking the system call interface of the mobile camera and “feeding” pre-recorded 4K videos into the app’s capture window - what the app “sees” is the camera’s real-time output, but the actual input is a prepared video;
• The third layer is one-click AI face-swapping tools that can generate by uploading a photo, lowering the entry barrier to zero. The average cost to break through a set of real-life authentication systems: $10, yielding a return on investment of up to 1400%.

The report released by Threat Hunters, titled 2025 Global KYC Attack Risk Research Report, shows that from an industry distribution perspective, cryptocurrency exchanges and wallet payment platforms are the core targets of all KYC attacks, together accounting for over 78%. The most sold materials in these attacks are “proof of address” documents, a simple reason: they need to be frequently updated, and AI can generate them in bulk.

These figures clearly depict scenes of fraud, identity theft, and organized crime industry chains. Putting these numbers together: 500,000 participants, one million circulating sales posts, accounts from leading compliant exchanges like Coinbase, Binance US, and Kraken all included. This is not an exception of a single platform but a systemic vulnerability faced by the entire crypto compliance system - as long as KYC exists, a market to bypass it will also exist, and it is substantial.

Every report unequivocally uses terms like “threat actors,” “underground market,” and “illegal operations.” However, they share a common blind spot in perspective. They are all viewed from the outside, from the perspective of regulatory agencies and security companies, as if describing a fire happening behind glass.

Yet, none of the reports explain who those individuals that appear “online” daily on Telegram really are, how they view what they are doing, and who this business ultimately serves.

I decided to find someone within the circle to talk to.

An Underground KYC Small Dealer: 600 Transactions in Two Years

Searching for KYC on Telegram, a batch of accounts pops up in just a few seconds.

In early March, I randomly chose a seemingly trustworthy KYC intermediary. Unfortunately, I encountered a cold guy whose replies were no more than five words. For most of my questions, he responded directly with “yes,” and the most information I got was the pricing, such as “KYC for CoinList: 40 U,” “KYC for Coinbase: 20 U.”

After waiting a while without a reply, the other party sent a slightly longer message: “So can we work together?” The sentence felt like it was translated awkwardly from another language, reading as if he was discussing cooperation, but he was probably just pushing for the order. The conversation was difficult to continue.

So I turned to check the TRON chain payment address he gave me. This address has been operational since January 2024, accumulating over 59,243 USDT so far, with a total of 600 revenue transactions spanning 26 months. But the net retention is zero.

Every income is quickly cleared over a period, transferred to the same upstream address. Tracing down this chain, it ultimately transfers to OKX’s hot wallet on the TRON chain. This intermediary who helps people bypass KYC deposits every penny earned into the exchange.

An anonymous seller, with a turnover of nearly $60,000 over two years, 600 transactions, no vacations, no off-seasons, only the tidal fluctuations brought by the rhythm of new issues. This is just one address, one seller, one chain.

This chain did not connect for me, and the clues ended here. Anonymous individuals do not speak; I needed to find someone more willing to talk.

A KYC “Businessman”: Five Years, Dozens of Platforms

Finally, I found a “businessman” specializing in KYC services on X, who accepted an introduction from a friend and agreed to an interview.

His name is Maoli, and he operates a platform with a diverse range of “blockchain services.”

Speaking about the methods of Web3 KYC services, Maoli said, “I look for various channels based on the needs of my fans, and I invest time to research, gradually building this business.”

Maoli has been doing this for five years now. He operates with one assistant, and most products are automatically delivered. His product catalog covers dozens of platforms and is priced in RMB; the higher the price, the more recent users are, indicating higher popularity or harder-to-bypass identity verification hurdles.

“Once set up, it’s basically automated, especially since there’s AI to assist now,” he said, “Essentially, not many people are needed to operate.” The exception is when the market is good - during new project rushes, he can work up to 12 hours daily. During poor market conditions, he invests his time into operating X.

“The people's small shop, serving all fans in the blockchain industry.” He describes his business this way.

His clients span Chinese-speaking regions: mainland China, Hong Kong, Taiwan, Malaysia, South Korea, and the United States. The demand from mainland users is the most direct - many new platforms block Chinese IPs; uploading a passport or ID, the system automatically rejects it, with no appeal channel and no explanation.

“They buy accounts to participate in activities,” Maoli says. With each delivery, he attaches a fixed risk warning: “Since this account is registered with someone else’s information, please do not place large sums of money on the platform; participate with small amounts and enter and exit as needed.” The “risk” he warns of is that the account may be reclaimed by the original owner at any time; using someone else's identity information to register a financial account also constitutes identity fraud in most jurisdictions.

The Emerging Industry Chain

How is an order completed? Maoli described the entire process: pre-sale consultation, payment, he contacts “qualified foreigners,” who follow the pre-trained process to complete KYC, the account is then handed over to the buyer, who checks it and modifies the security settings, closing the order.

The client he remembers most is a Korean individual, the head of a professional incubation team, who always places large orders. “He always collaborates with project parties to purchase a large number of accounts,” Maoli says, “He has told me that he made a lot of money through me. However, I haven’t earned much; he makes r

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。