Original Author: angelilu, Foresight News
"Service is not available in your region".
I've lost count of how many times I've seen this line. This time, I was fully prepared—I took out my passport, took a photo of the front facing the camera, then the back, switched to selfie mode, took a photo holding the ID, and followed the on-screen prompts to nod, shake my head, and blink. The whole process took about ten minutes, and I was more careful than last time. Then the page redirected, showing "Submission successful, awaiting review."
I waited three days. On the fourth day, I refreshed; the status was still "Under review." The withdrawal function was frozen, with the reason "Awaiting identity verification completion." The subscription window for the project I wanted to participate in was closing in forty-eight hours.
Or, there was no waiting at all—the page recognized my IP address before I even started and directly popped up that line: "Service is not available in your region." No reason given, no appeal channel, no indication of what else I could do. It's not that I didn't want to comply; I simply didn't have the qualification to comply.
This is perhaps a situation you and I often encounter, the most common wall in the crypto industry: KYC, Know Your Customer. KYC is the weightiest part of the word "compliance": you must prove you are you to get in.
Over the past five years, some mainstream exchanges have gradually outsourced KYC to commercial identity verification systems like Sumsub and Jumio. Compliance costs have been "productized" and become an ongoing expense. For leading platforms, this cost has reached the million to ten million dollar level.
Multiple crypto payment industry practitioners told Foresight News that the industry still highly relies on third-party service providers like Sumsub and Jumio for the KYC环节, as these solutions have significant advantages in global data coverage and compliance capabilities.
However, as transaction scales expand and risk control needs increase, some leading institutions have begun exploring a hybrid model of "self-built risk control + third-party KYC" to achieve a better balance between cost, pass rate, and risk control.
Yet, no matter how high this wall is built, the underground market has already set its own price. And on the other side of this wall, there exists a complete underground industry chain专门 designed to penetrate this system at low cost. The price to penetrate it is 20 USDT—covering the full verification process required by exchanges: passport or driver's license upload, facial recognition, proof of address, all delivered in one package.
500,000 People, A Market No One Has Counted
Adhering to the principle of where there's a policy, there's a countermeasure, I started searching online for "Web3 KYC." What popped up weren't tutorials, but more often warnings.
A 2023 report by CertiK scanned over 20 underground KYC markets and found that the total membership at the time exceeded 500,000 people,专门 buying and selling verified accounts for various platforms, concentrated in Southeast Asia, with group sizes ranging from 4,000 to 300,000 people.
Cybersecurity company ZeroFox once统计过 that in one year, they found over 1 million posts selling KYC accounts on public forums and Telegram, involving mainstream compliant exchanges like Coinbase Pro and Kraken, priced from $150 to $500 each.
An investigation by CoinDesk was more direct; they directly spent money to buy a few accounts to verify. Each account came with the real user's name, home address, date of birth—accounts for US residents even included Social Security numbers. Then they searched public databases and found four real individuals who完全匹配 the account information, and sent them written notices. These people's reactions were complete surprise; they were unaware that their names were attached to some stranger's exchange account, a password for which they had never set.
The technical层面 is also同步恶化. According to the 2025 Identity Fraud Report released by Sumsub, deepfake attacks have grown over 2000% in the past three years and now account for about 1/15 of all identity fraud attempts.
The attack paths form a three-layer structure:
- The bottom layer uses high-resolution screens配合 polarized lenses to eliminate glare, making the "playing video"画面 optically closer to a real拍摄;
- The second layer is HOOK injection attacks, directly hijacking the system call interface of the mobile phone camera, "feeding" a pre-recorded 4K video into the application's capture window—the application "sees" the camera's real-time output, but what actually flows in is a pre-prepared video;
- The third layer is one-click AI face-swapping tools, generating content just by uploading a photo, reducing the attack门槛 to zero. The average cost to break through a real-person liveness verification system: $10, with an input-output ratio as high as 1400%.
The "2025 Global KYC Attack Risk Research Report" released by Threat Hunter shows that from an industry distribution perspective, virtual currency exchanges and wallet payment platforms are the core targets of all KYC attacks, accounting for over 78% combined. The most sold attack materials are "proof of address" documents, for a simple reason: they need frequent updates, and AI can generate them in bulk.
These numbers paint a clear picture: fraud, identity theft, organized criminal产业链. Stack these numbers together: 500,000 participants, 1 million publicly circulating sales posts, accounts from leading compliant exchanges like Coinbase, Binance US, Kraken all among them. This is not an isolated case for某个 platform, but a systemic vulnerability faced by the entire crypto compliance system—as long as KYC exists, the market to bypass it exists, and its scale is considerable.
Every report's wording is certain, using terms like "threat actors," "underground markets," "illegal operations." But they share a common blind spot in perspective. They are all viewed from the outside, from the perspective of regulators and security companies, like describing a fire happening behind glass.
But not one report explains who those people hanging with "online" status on Telegram every day actually are, how they view what they are doing, and who this business is really serving.
I decided to go talk to people in the circle.
An Underground KYC Peddler: 600 Transactions in Two Years
Search for KYC on Telegram, and a batch of accounts弹出 in seconds.
In early March, I randomly picked a KYC middleman who seemed trustworthy. Unfortunately, I encountered a冷酷 guy; his replies were no more than 5 words, responding to my various questions mostly with "yes," and the most information I got was quotes, like "CoinList KYC 40 U," "Coinbase KYC 20 U."
After a long silence, the other party sent a slightly longer message: "So can we work together?" The sentence seemed硬翻 from another language, reading like discussing cooperation, but was probably just催促. The conversation was hard to continue.
So I转而 checked the TRON chain receiving address he gave me on-chain. This address has been operating since January 2024, with累计流入 over 59,243 USDT, totaling 600 incoming transactions, spanning 26 months. But the net留存 was zero.
Every incoming amount was quickly emptied within a period of time, transferred to the same upstream address. Following this chain down, he finally transferred into OKX's hot wallet on the TRON chain. This middleman helping people bypass KYC deposited every penny he earned into an exchange.
A small-volume anonymous seller, nearly $60,000 in流水 over two years, 600 transactions, no vacations, no off-season, only tidal-like fluctuations following the rhythm of new coin offerings. And this is just one address, one seller, one chain.
This chain didn't connect for me, the线索 broke here. Anonymous people won't talk; I needed to find someone more willing to speak.
A KYC "Businessman": Five Years, Dozens of Platforms
I finally found a "businessman" on X who专门 does KYC services. Introduced by a friend, I added his contact, and he was willing to be interviewed.
His name is Mao Li, operating a "blockchain service platform" with a rich variety of products.
Talking about the way he provides Web3 KYC services, Mao Li said, "I based it on the needs of my own fans, went to find various channels, invested time in research, and slowly built this business up."
Mao Li has been doing this for five years至今. Now he operates with one assistant, most goods are automatically delivered. His product catalog covers dozens of platforms, priced in RMB. The higher the price, the more participants the platform has recently, the hotter it is, or the harder the identity verification门槛 is to bypass.
"Once set up, it's basically automated, let alone now with AI assistance," he said. "Basically, it doesn't require many people to operate." Except during good market conditions—when new coin offerings are concentrated, he can work up to 12 hours a day. When the market is bleak, he invests time into operating on X.
"The people's small shop, serving all fans in the blockchain industry." This is how he describes his business.
His customers are遍布 the Chinese-speaking region: Mainland China, Hong Kong, Taiwan, Malaysia, Korea, the US. The demand from mainland users is the most direct—many new coin offering platforms block Chinese IPs; passports or IDs uploaded are automatically rejected by the system, with no appeal channel or explanation.
"They buy accounts to participate in activities," Mao Li said. With every delivery, he includes a fixed risk warning: "Since this is an account registered with someone else's information, please do not place large amounts of funds in the platform. Participate with small amounts,随进随出 (enter and exit promptly)." The "risk" he warns about is that the account could be recovered by the original owner at any time; using someone else's identity information to register a financial account itself constitutes identity fraud in most jurisdictions.
The浮出水面 Industry Chain
How is a single order completed? Mao Li described the complete process: pre-sales consultation, payment, he contacts a "qualified foreigner," the foreigner operates according to the pre-trained process, completes the KYC, the account is transferred to the buyer, the buyer checks and modifies security settings, order closed.
The customer who impressed him the most was a Korean, the head of a professional incubation team, who always placed large orders. "He always cooperates with project parties, buying a very large number of accounts," Mao Li said. "He told me he made a lot of money through me. But I didn't make too much; he makes money from resources, I make the hard-earned money from the KYC part."
That is to say, this industry chain also has multiple levels. The Korean incubation team, as the demand side, profits by using accounts to participate in project subscriptions in bulk. Hence there are middlemen like Mao Li, and at the bottom are the "foreigners" providing information verification, completing the KYC as required, perhaps taking just a few dollars.
The source of "foreigners" is global—those in Southeast Asia, East Africa, Latin America who take orders under the guise of "online part-time jobs," following instructions to nod, shake heads, blink, taking报酬 equivalent to a few dollars to tens of dollars.
How much money is specifically given to the "foreigner," Mao Li didn't say directly, but a recruitment post circulating on Russian forums reads: "Only your face is needed. Complete video verification via WhatsApp. 1,500 to 2,000 rubles per time (approx. $17 to $23), can be done multiple times a day."
When Worldcoin deployed its spherical iris scanning devices in Cambodia and Kenya, this phenomenon briefly浮出水面—a black market for World ID below $30随即 appeared. In 2024, Thai authorities ordered the deletion of 1.2 million collected iris data, and Indonesia halted all Worldcoin activities. But Worldcoin is just the tip of the iceberg, and moreover, the branded one that journalists can question.
Pricing has another logic. "The more developed the region, the more expensive the KYC," Mao Li said. "The fee you give isn't even enough to buy breakfast, they simply won't cooperate with your operation." US orders are the hardest, sometimes requiring the client to take the "foreigner" to get documents offline in New York.
Every transaction he services comes with after-sales terms: he only guarantees successful "first login." "Because we can't control the risk control rules of every exchange or platform, they could change at any time," The buyer's first task upon getting the account is to change the bound email, set up two-factor authentication, and kick out unknown devices. The window might only be a few hours.
He also admitted there are cases he can't handle. "Accounts that require face scan every login cannot be made; the foreigner can't possibly keep flying to China to scan your face for login." He added: "By this logic, platforms with very, very strict risk control usually don't lack users or data, and won't have activities with particularly high福利, so few people would buy them."
Web3 KYC, A Door Frame with an Empty Door
Mao Li has a clear positioning of what he is doing.
When asked if KYC in the crypto industry is playing the role it should, he said, "KYC is a门槛 everyone knows well, the platform, the users, all know what they are doing. For those who genuinely want to participate in the industry, this is not a barrier, more like a screening method."
In his description, this is a三方共赢 transaction: users gain access to the platform, exchanges gain new users and data, and he收取 a service fee. "A triple win," he said.
This logic has a detail, hidden in his own after-sales提示: "Since this is an account registered with someone else's information, please do not place large amounts of funds in the platform. Participate with small amounts, enter and exit promptly." His "foreigners" are知情, compensated participants. But the word "someone else" implies there is a real person behind the account, a person who can assert their rights at any time.
But the CoinDesk investigation showed that in the larger market, some accounts come附带 with the names, addresses, and Social Security numbers of real residents who are completely unaware. These people are not within the "triple win."
Mao Li is one person in this market willing to be interviewed. Behind him, there are an estimated 500,000 participants, about 1 million sales posts, and a still-functioning shadow system.
Note: The Telegram chat records and on-chain data mentioned in the article were obtained through the author's investigation.
