{"id":21175,"date":"2026-04-15T12:06:16","date_gmt":"2026-04-15T12:06:16","guid":{"rendered":"https:\/\/ideainthebox.com\/index.php\/2026\/04\/15\/cyberscammers-bypassing-bank-telegram\/"},"modified":"2026-04-15T12:06:16","modified_gmt":"2026-04-15T12:06:16","slug":"cyberscammers-bypassing-bank-telegram","status":"publish","type":"post","link":"https:\/\/ideainthebox.com\/index.php\/2026\/04\/15\/cyberscammers-bypassing-bank-telegram\/","title":{"rendered":"Cyberscammers are bypassing banks\u2019 security with illicit tools sold on Telegram"},"content":{"rendered":"
\n
<\/div>\n

From inside a money-laundering center in Cambodia, an employee opens a popular Vietnamese banking app on his phone. The app asks him to upload a photo associated with the account, so he clicks on a picture of a 30-something Asian man.<\/p>\n

Next, the app requests to open the camera for a video \u201cliveness\u201d check. The scammer holds up a static image of a woman bearing no resemblance to the man who owns the account. After a 90-second wait\u2014as the app tells him to readjust the face inside the frame\u2014he\u2019s in.\u00a0<\/p>\n

The exploit he\u2019s demonstrating, in a video shared with me by a cyberscam researcher named Hieu Minh Ngo, is possible thanks to one of a growing range of illicit hacking services, readily available for purchase on Telegram, that are designed to break \u201cKnow Your Customer\u201d (KYC) facial scans.<\/p>\n

These banking and crypto safeguards <\/strong>are supposed to confirm that an account belongs to a real person, and that the user\u2019s face matches the identity documents that were provided to open the account. <\/strong>But scammers are bypassing them in order to open mule accounts and launder money. Rather than using a live phone camera feed for a liveness check, the hacks typically deploy a tool known as a virtual camera. Users can replace the video stream with other videos or photos\u2014depicting a real or deepfake person or even an object.<\/p>\n

As financial institutions enact enhanced security measures aimed at stopping cyberscammers, these workarounds are the latest round in the cat-and-mouse game between criminal operators and the financial services industry.<\/strong><\/p>\n

Over the course of a two-month investigation earlier this year, MIT Technology Review <\/em>identified 22 Chinese-, Vietnamese-, and English-language public Telegram channels and groups advertising bypass kits and stolen biometric data. The software kits use a variety of methods to compromise phone operating systems and banking applications, claiming to enable users to get around the compliance checks imposed by financial institutions ranging from major crypto exchanges such as Binance to name-brand banks like Spain\u2019s BBVA.\u00a0<\/p>\n

\u201cSpecializing in bank services\u2014handling dirty money,\u201d reads the since-deleted Telegram bio of the program used by the Cambodian launderer, complete with a thumbs-up emoji. \u201cSecure. Professional. High quality.\u201d Some of the channels and groups had thousands of subscribers or members, and many posted bullet points listing their services (\u201cAll kinds of KYC verification services\u201d; \u201cIt\u2019s all smooth and seamless\u201d) alongside videos purporting to show successful hacks.\u00a0<\/p>\n

Telegram says that after reviewing the accounts, it removed them for violating its terms of service. But such online marketplaces proliferate easily, and multiple channels and groups advertising similar tools remain active.<\/p>\n<\/p>\n

Banks and butchers<\/strong><\/h3>\n

The rise in KYC bypasses has occurred alongside an expansion of a global industry in \u201cpig-butchering\u201d cyberscams. Crypto platforms and banks around the world are facing increasing scrutiny over the flow<\/a> of illegally obtained money, including profits from such scams, through their platforms. This has prompted tightened banking regulations in countries such as Vietnam<\/a> and Thailand<\/a>, where governments have increased customer verification and fraud monitoring requirements and are pushing for stronger anti-money-laundering safeguards in the crypto industry.<\/p>\n

Chainalysis, a US blockchain analysis firm, estimates<\/a> that around $17 billion was stolen in 2025 in crypto scams and fraud, up from $13 billion in 2024. The United Nations Office on Drugs and Crime, meanwhile, warned<\/a> in a recent report that the expansion of Asian scam syndicates in Africa and the Pacific has helped the industry \u201cdramatically scale up profits.\u201d<\/p>\n

That combination of factors\u2014more scrutiny, but also more revenue\u2014has vaulted KYC bypasses to the center of the online marketplace for cyberscam and casino money launderers. Although estimates vary, cybersecurity researchers say these kinds of attacks are rising: The biometrics verification company iProov estimated<\/a> that virtual-camera attacks were more than 25 times as common worldwide 2024 than in 2023, while Sumsub, a company providing KYC services, reported<\/a> that \u201csophisticated\u201d or multi-step fraud attempts, including virtual-camera bypasses, almost tripled last year among its clients.\u00a0<\/p>\n

Three financial institutions that were named as targets on such Telegram channels\u2014the world\u2019s largest crypto exchange, Binance, as well as BBVA and UK-based Revolut\u2014told me they\u2019re aware of such bypasses and emphasize that they\u2019re an industry-wide challenge. A spokesperson from Binance said it has \u201cobserved attempts of this nature to circumvent our controls,\u201d adding that \u201cwe have successfully prevented such attacks and remain confident in our systems.\u201d\u00a0 BBVA and Revolut also declined to comment on whether their safeguards had been breached.<\/p>\n

It\u2019s difficult to estimate success rates, because companies may not be aware of bypasses\u2014or report them\u2014until later. \u201cWhat\u2019s important is what we don\u2019t see,\u201d Artem Popov, Sumsub\u2019s head of fraud prevention products, told me, referring to attacks that go undetected. \u201cThere\u2019s always part of the story where it might be completely hidden from our eyes, and from the eyes of any company in the industry, using any type of KYC provider.\u201d<\/p>\n<\/p>\n

How criminals navigate a compliance maze\u00a0<\/strong><\/h3>\n

Advertisements for the exploits appear simple enough, but on the back end, building a successful bypass is complex and often involves multiple methods. Some channels offer to jailbreak a physical phone so that scammers can trigger the use of a virtual camera (VCam) instead of the built-in one whenever they\u2019d like. Other hacks inject code known as a \u201chooking framework\u201d into a financial institution\u2019s app that triggers the VCam to open. Either way, VCams can be used to dupe KYC safeguards with images or videos that replace genuine, live video of the account\u2019s owner.<\/strong><\/p>\n

Sergiy Yakymchuk, CEO of Talsec, a cybersecurity company that primarily serves financial institutions, reviewed details from the Telegram channels identified by MIT Technology Review <\/em>and says they are consistent with successful tactics used against his banking and crypto clients. His team received help requests from banks and exchanges for roughly 30 VCam-based hacks over the past year, up from fewer than 10 in 2023.\u00a0<\/p>\n

Increasingly, hackers compromise both the phone itself and the code of the financial institutions\u2019 apps before feeding the virtual camera a mix of stolen biometrics and deepfakes, Yakymchuk says.<\/p>\n

\u201cSome time ago, it was enough to decompile the app of a bank and distribute this on Telegram, and that was everything you needed,\u201d he says. \u201cNow it\u2019s not enough, because you have KYC\u2014and more and more things are needed.\u201d<\/p>\n

For money launderers, <\/strong>KYC bypasses have \u201cbecome essential for everything right now\u2014because scam compounds need to move money,\u201d says Ngo, the researcher who shared the demo video. A convicted former hacker who became a cybersecurity advisor for the Vietnamese government, Ngo now runs an anti-scam nonprofit and helps law enforcement investigate money laundering.\u00a0<\/p>\n

He describes how the process works in the case of pig-butchering scams: Funds originating with victims are received into bank accounts controlled or rented by a money-laundering network, known colloquially as \u201cwater houses<\/a>.\u201d Money launderers use KYC bypasses to access the accounts and quickly redistribute the profits before converting them into digital assets\u2014typically in the form of the stablecoin Tether, a type of cryptocurrency that is pegged to the US dollar.<\/p>\n

These transactions often happen in seconds, under tightly orchestrated management. \u201cThey know, very clearly, the flow of how the banks verify or authenticate accounts,\u201d Ngo says.\u00a0<\/p>\n<\/p>\n

A cat-and-mouse game\u00a0<\/strong><\/h3>\n

The growth of cyberscam money laundering has led to heightened scrutiny of financial institutions. In 2023, Binance pleaded guilty<\/a> in US federal courts to operating without anti-money-laundering safeguards. Donald Trump pardoned<\/a> former Binance CEO Chaopeng Zhao last October.<\/p>\n

Recent analysis<\/a> from the International Consortium of Investigative Journalists found that after Zhao\u2019s guilty plea, more than $400 million continued to move to Binance from Huione Group, a Cambodia-based firm <\/strong>that the US sanctioned after the Treasury Department deemed<\/a> it a \u201ccritical node\u201d for money laundering in pig-butchering scams.<\/p>\n

Binance says it has \u201cstate-of-the-art security systems\u201d that prevented billions in fraud losses and that the company processed more than 71,000 law enforcement requests in 2025.<\/p>\n

But John Griffin, a finance and blockchain expert at the University of Texas at Austin, does not think the exchanges are sufficiently secure. \u201cEven though they have all this press about \u2018Oh, yes, we\u2019ve changed this and that\u2019\u2014well, the proof is in the pudding. The criminals are still using your exchange,\u201d Griffin told me of the industry at large. \u201cSo there must be holes.\u201d (Binance says it \u201cobjects to the dubious findings\u201d of Griffin\u2019s work<\/a> tracking the flow of criminal profits across exchanges like Binance, Huobi, OKX, and Tokenlon, calling it \u201cmisleading at best and, at worst, wildly inaccurate.\u201d)<\/p>\n

Binance also pointed out that some purported bypass services are themselves scams, casting doubt on whether successful bypasses are as widespread as the Telegram marketplace may suggest. Engaging with such services \u201cexposes individuals to significant security risks,\u201d a spokesperson said. \u201cEven where access appears to be granted, accounts are often already restricted by internal detection and compliance controls, rendering them nonfunctional for trading or withdrawals.\u201d<\/p>\n

Regulators around the world are trying to catch up. In Thailand, where citizens\u2019 bank accounts regularly serve as money mules for cyberscams based in neighboring Myanmar and Cambodia, new legislation has enhanced<\/a> KYC monitoring, limited daily transactions, and strengthened<\/a> oversight bodies\u2019 ability to suspend accounts. The US money-laundering regulator, the Financial Crimes Enforcement Network, issued a warning<\/a> against KYC deepfakes and the use of VCams in late 2024, encouraging platforms to track broader transaction patterns to identify money laundering.<\/p>\n

For scammers, any new security or reporting requirements will make bypasses harder, but \u201cit\u2019s not going to stop them,\u201d Ngo says. \u201cIt\u2019s just a matter of time.\u201d<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

From inside a money-laundering center in Cambodia, an employee opens […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[226],"tags":[],"class_list":["post-21175","post","type-post","status-publish","format-standard","hentry","category-technology"],"acf":[],"_links":{"self":[{"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/posts\/21175","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/comments?post=21175"}],"version-history":[{"count":0,"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/posts\/21175\/revisions"}],"wp:attachment":[{"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/media?parent=21175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/categories?post=21175"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ideainthebox.com\/index.php\/wp-json\/wp\/v2\/tags?post=21175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}