Jinkusu Deepfake Tool Compromises KYC Security in Crypto and Banking

Jinkusu Deepfake Tool Compromises KYC Security in Crypto and Banking

First seen 6 Apr 2026, 17:29 UTC MexcCryptonewsMexc.CoCoinmarketcapBiometricupdate 84% similarity 64.5

Article Content

Browse articles
ThreatCluster

A new AI cybercrime tool named JINKUSU CAM is being sold by a threat actor known as 'Jinkusu' to bypass Know Your Customer (KYC) checks on major crypto exchanges like Binance, Coinbase, and Kraken, as well as banking platforms. This tool employs real-time deepfake technology for facial and voice manipulation, enabling attackers to present fabricated identities during verification processes. It utilizes advanced features such as GPU-based face swapping and voice modulation to evade biometric systems, posing significant risks to financial services. Security experts warn that the tool could facilitate large-scale fraud and synthetic identity theft. The emergence of such deepfake tools is seen as a wake-up call for the industry, highlighting vulnerabilities in existing KYC systems. The tool's capabilities extend to enabling romance scams, which have previously resulted in billions in losses. The threat actor Jinkusu is also linked to the Starkiller phishing kit released earlier in 2026, indicating a broader trend of sophisticated cybercrime tools targeting financial platforms.

Key Points: • JINKUSU CAM can bypass KYC checks on major crypto exchanges and banks using deepfake technology. • The tool's advanced features include real-time face swapping and voice modulation, making detection difficult. • Jinkusu is suspected to be connected to previous cybercrime tools, indicating a trend of increasing sophistication.

ThreatCluster AI

Timeline

2026-04-06
JINKUSU CAM tool reported to bypass KYC checks on crypto and banking platforms.
2026-04-06
Deddy Lavid warns of vulnerabilities in KYC systems due to deepfake technology.
2026-04-06
Jinkusu linked to Starkiller phishing kit released in February 2026.

Threat Graph

19 entities, 14 inferred relationships (STIX 2.1).

Technique (5)
  • Malware
  • Phishing
  • T1056 - Input Capture
  • T1566.002 - Spearphishing Link
  • T1566 - Phishing
Organization (4)
  • Binance
  • Coinbase
  • OKX
  • ElevenLabs
Affected Platform (1)
  • Android
Threat Actor (1)
  • Kraken
Tool (8)
  • Starkiller
  • Chrome
  • Docker
  • Gfpgan
  • Headless Chrome
  • InsightFace
  • Jinkusu
  • OBS
Relationships
  • Kraken uses Starkiller
  • Kraken uses Chrome
  • Kraken uses Docker
  • Kraken uses Gfpgan
  • Kraken uses Headless Chrome
  • Kraken uses Malware
  • Kraken uses Phishing
  • Kraken uses T1056 - Input Capture
  • Kraken uses T1566.002 - Spearphishing Link
  • Kraken uses T1566 - Phishing
  • Kraken targets Binance
  • Kraken targets Coinbase
  • Kraken targets OKX
  • Kraken targets ElevenLabs

Community

Browse all →