Written by: angelilu, Foresight News

"The service is not supported in your area."

I don't know how many times I've seen this line. This time I was fully prepared—pulled out my passport, took a picture of the front, took a picture of the back, switched to selfie mode, took a picture holding my ID, and followed the page's instructions to nod, shake my head, and blink. The whole process took about ten minutes, and I was more careful than last time. Then the page changed, showing "Submission successful, waiting for review."

I waited for three days. On the fourth day, when I refreshed, the status was still "Under review." The withdrawal function was frozen with the reason given as "waiting for identity verification to be completed." The subscription window for the project I wanted to participate in would close in forty-eight hours.

Or perhaps there was no waiting at all—the IP address recognized by the page before taking action directly popped up that line: "The service is not supported in your area." No reason given, no appeal channel, and no information on what else I could do. It's not that I don't want to cooperate; I don't even have the qualifications to cooperate.

This may be a situation that both of us often encounter; it is the most common wall in the cryptocurrency industry: KYC, Know Your Customer. KYC is the most weighty part of the term "compliance": you have to prove that you are you in order to get in.

Over the past five years, some mainstream exchanges have gradually outsourced KYC to commercial identity verification systems like Sumsub and Jumio, making compliance costs "productized" and becoming a continuous expense. For leading platforms, this expense has reached millions to tens of millions of dollars.

Many professionals in the cryptocurrency payment industry told Foresight News that the current industry still relies heavily on third-party service providers like Sumsub and Jumio at the KYC stage, which have significant advantages in global data coverage and compliance capability.

However, with the expansion of trading scale and the increased demand for risk control, some leading institutions have begun to explore a hybrid model of "self-built risk control + third-party KYC" to achieve a better balance between cost, approval rate, and risk control.

Yet, no matter how high this wall is built, the underground market has already set its own pricing. On the other side of this wall exists a complete underground industrial chain specifically designed to penetrate this system at low cost. The price to break through it is 20 USDT—covering the entire verification process required by exchanges: uploading passports or driver's licenses, facial recognition, proof of residence, delivered in one package.

500,000 people, an uncounted market

Under the principle of 'there are policies above and countermeasures below,' I began searching online for "Web3 KYC," and what popped up was not tutorials but more warnings.

CertiK released a report in 2023 that scanned over 20 underground KYC markets and found that the total number of participants at the time exceeded 500,000 people, who specifically buy and sell verified accounts from various platforms, concentrated in Southeast Asia, with group sizes ranging from 4,000 to 300,000 people.

Cybersecurity company ZeroFox once counted over 1 million KYC account sales posts on public forums and Telegram within a year, involving mainstream compliant exchanges such as Coinbase Pro and Kraken, with prices ranging from 150 to 500 dollars.

CoinDesk conducted a survey more directly, purchasing several accounts to verify. Each account came with a real user's name, home address, birth date—accounts of U.S. residents even included social security numbers. They then searched public databases and found four real individuals who perfectly matched the account information and sent them written notices. These people's reactions were indeed unaware, not realizing that their names were linked to a stranger's exchange account, and they had never set up the password for that account.

The technical aspect is also deteriorating in parallel. According to Sumsub's 2025 Identity Fraud Report, deepfake attacks have grown more than 2000% over the past three years and now account for about 1/15 of all identity fraud attempts.

The attack paths have formed a three-layer structure:

• The lowest layer uses a high-resolution screen combined with polarized filters to eliminate reflections, making the "video playback" image optically close to a real shot;
• The second layer is a HOOK injection attack, which directly hijacks the system call interface of the phone camera, feeding a pre-recorded 4K video into the application's collection window—what the application "sees" is the real-time output from the camera, but what is actually flowing in is a pre-prepared video;
• The third layer is one-click AI face-swapping tools that can be generated by uploading a photo, bringing the attack threshold down to zero. The average cost to break through a real human live certification system: 10 dollars, with a return on investment as high as 1400%.

The threat hunters' published "2025 Global KYC Attack Risk Research Report" shows, from an industry distribution perspective, that cryptocurrency exchanges and wallet payment platforms are the core targets of all KYC attacks, collectively accounting for over 78%. The most sold attack materials are "address proof" type documents, for a simple reason: they need to be frequently updated, and AI can generate them in bulk.

These numbers paint a clear picture: fraud, identity theft, an organized crime industrial chain. When stacking these numbers together: 500,000 participants, 1 million public sales posts, accounts from top compliant exchanges such as Coinbase, Binance US, and Kraken are included. This is not an isolated case of a specific platform but a systemic vulnerability that the entire cryptocurrency compliance system is facing—as long as KYC exists, a market to bypass it will also exist, and its scale is considerable.

Every report uses definitive language, using terms like "threat actors," "underground market," "illegal operations." But they all have a shared perspective blind spot. They are all viewed from the outside, from the perspective of regulatory agencies and security companies, as if describing a fire happening behind glass.

However, not a single report explains who those individuals showing "online" status on Telegram every day really are, how they perceive what they are doing, and whom this business ultimately serves.

I decided to talk to people in the circle.

An underground KYC small vendor: 600 transactions in two years

Searching KYC on Telegram quickly yields a batch of accounts.

In early March, I randomly chose a seemingly trustworthy KYC intermediary, and by coincidence, I encountered a cold guy whose replies were no more than five words, mostly answering my various questions with a simple "yes," and the most information I obtained was the pricing, such as "CoinList KYC 40 U," "Coinbase KYC 20 U."

After a long silence, he sent a slightly longer message: "So can we work together?" The sentence seemed to have been translated harshly from another language, reading as if discussing cooperation, but it might just have been a push for an order. The conversation became difficult to continue.

So I turned to check the TRON chain payment address he gave me; this address has been operating since January 2024 and has accumulated over 59,243 USDT, totaling 600 income transactions across 26 months. Yet the net retention is zero.

Every income was rapidly cleared within a period and transferred to the same upstream address. Following this chain down, he ultimately deposited it in OKX's hot wallet on the TRON chain. This intermediary, who helps people bypass KYC, deposited every penny earned into the exchange.

A small anonymous seller with a turnover close to 60,000 dollars over two years, 600 transactions, with no vacations, no off-season, only the tidal fluctuations brought by the rhythm of new projects. This is just one address, one seller, one chain.

This chain did not connect for me, and the clues ended here. Anonymous people will not speak; I need to find someone more willing to talk.

A KYC "businessman": five years, dozens of platforms

Finally found a "businessman" on X who specializes in KYC services. Through a friend's introduction, I added his contact information, and he was willing to accept an interview.

His name is Catfish, and he runs a variety of "blockchain service platforms."

When talking about Web3 KYC service methods, Catfish said, "I look for various channels according to the needs of my followers and invest time in research to gradually build this business up."

Catfish has been doing this for five years now. He currently operates with one assistant, with most products automatically dispatched. His product catalog covers dozens of platforms, priced in RMB; the higher the price, the more recent participants that platform has, or the higher the difficulty to bypass identity verification.

"Once set up, it's basically automated, especially since AI can assist now," he says, "there's not much need for many people to operate." Except during good market conditions—when new projects flood in, he can work up to 12 hours a day. During lean times, he redirects his time to operations on X.

"A small convenience store for the people, serving all fans of the blockchain industry," he describes his business.

His customers are spread across the Chinese-speaking regions: mainland China, Hong Kong, Taiwan, Malaysia, South Korea, and the United States. The needs of mainland users are most direct—many new platforms block Chinese IPs; uploading a passport or ID, the system automatically rejects it, with no appeal channels or explanations.

"They buy accounts to participate in activities," Catfish says. With each delivery, he attaches a fixed risk warning: "Due to this account being registered with someone else's information, do not deposit large amounts of funds on the platform; participate with small amounts, in and out as you go." The "risk" he warns about is that the account could be reclaimed by the original owner at any time; registering a financial account with someone else's identity information constitutes identity fraud in most jurisdictions.

The rising industrial chain

How is a transaction completed? Catfish described the complete process: pre-sale consultation, payment, he contacts "qualifying foreigners," who then follow a trained process to perform KYC, handing the account over to the buyer, who verifies it, modifies the security settings, and completes the transaction.

He remembers one client particularly well—a South Korean, head of a professional incubation team, who always placed large orders. "He always collaborates with project parties to buy a large number of accounts," Catfish says, "He told me that he made a lot of money through me. However, I didn’t earn much; he earns the resource money, while I earn the hard-earned money from KYC."

This means that this industrial chain also has multiple levels. The South Korean incubation team, as the demand side, profits from participating in project subscriptions in bulk. That’s why intermediaries like Catfish exist, with "foreigners" providing information verification, completing KYC as required, perhaps earning a few dollars in return.

The source of "foreigners" is global—those who accept orders under the guise of "online part-time work" in Southeast Asia, East Africa, and Latin America, completing actions like nodding, shaking their heads, and blinking as required, and getting paid the equivalent of a few to several tens of dollars.

How much is specifically shared with “foreigners,” Catfish did not say directly, but a recruitment post circulating on Russian forums read: "All you need is your face. Complete video verification via WhatsApp. 1,500 to 2,000 rubles ($17 to $23) per time, you can do it multiple times a day."

Previously, when Worldcoin deployed spherical iris scanning devices in Cambodia and Kenya, this phenomenon briefly surfaced—a black market for World ID below 30 dollars emerged, and in 2024, Thai authorities ordered the deletion of 1.2 million collected iris data, while Indonesia halted all activities of Worldcoin. But Worldcoin is just the tip of the iceberg, and it’s still the part with a brand and journalists capable of questioning.

Pricing has another logic. "The more developed the area, the more expensive the KYC cost," Catfish says, "the fees you offer can’t even buy breakfast; people won't cooperate with you." Orders from the U.S. are the hardest; sometimes, the client has to take the "foreigner" to New York for offline verification.

Every transaction he serves comes with after-sales terms: he only guarantees "successful first login." "Because we can’t control the risk control rules of each exchange or platform, they can change at any time," he explains. After the buyer obtains the account, the first thing they do is change the email, set up two-factor authentication, and kick out unknown devices. There’s only a small time window for these changes.

He also admits there are situations he cannot handle: "Accounts that require face scans for every login can't be made; a foreigner can't constantly fly to China to give you a face scan login." He added, "By this logic, these are platforms with very strict risk control, and they typically don’t lack users or data, and there are no particularly high-benefit activities, so very few people buy."

Web3 KYC, an empty door with a frame

Catfish has a clear positioning for what he is doing.

When asked whether KYC in the cryptocurrency industry is fulfilling its intended role, he said, "KYC is a threshold well understood by everyone; platforms and users know what they are doing. For those who genuinely want to participate in the industry, it’s not an obstacle; it’s more like a filtering method."

In his description, this is a win-win-win transaction: the user gains access to the platform, the exchange gains new users and data, and he collects a service fee from it. "It’s a triple win," he says.

This logic has a detail hidden in his own after-sales reminder: "Due to this account being registered with someone else's information, do not deposit large amounts of funds on the platform; participate with small amounts, in and out as you go." His "foreigners" are informed and compensated participants. But the term "someone else" means that there is a real person behind the account who can assert rights at any time.

However, CoinDesk's investigation shows that in the larger market, some accounts come with the names, addresses, and social security numbers of real residents who are completely unaware. These people are not included in the "triple win."

Catfish is one of the individuals willing to be interviewed in this market. Behind him, it is estimated that there are 500,000 participants, about 1 million sales posts, and an operational shadow system.

Note: The Telegram chat records and blockchain data mentioned in this article are based on the author's investigation.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。