Not really a MFA bypass, but rather some impressive social engineering:
The attacker leverages AI-generated deepfakes to create a synthetic identity complete with a forged government document (e.g., passport) and a facial recognition bypass video.
They use this identity to gain access to the account, if I understood it right.
It’s to get around the KYC (Know Your Client) requirements that many financial institutions and cryptocurrency exchanges have when creating a new account to curb money laundering. Obviously criminals using crypto for dark markets need a way to convert it back to cash without giving up their real identity.
Not really a MFA bypass, but rather some impressive social engineering:
They use this identity to gain access to the account, if I understood it right.
It’s to get around the KYC (Know Your Client) requirements that many financial institutions and cryptocurrency exchanges have when creating a new account to curb money laundering. Obviously criminals using crypto for dark markets need a way to convert it back to cash without giving up their real identity.