AI-based hacking threatens the banking industry

AI-based tools are already overcoming the cyber defenses used by banks and crypto companies.Tero Vesalainen/Getty Images

The story of cybersecurity is one of an ongoing tug-of-war between the bad guys trying to steal money and information and the good guys finding ways to stop them. Most of the time the battle is pretty even, but sometimes one side gains the upper hand. It feels like we’re in one of those moments right now as criminal hackers seize on new technologies to defeat security defenses faster than companies can create them.

The latest example comes by way of the upstart media site 404, which on Monday reported on a site called OnlyFake that can crank out pictures of highly realistic passports and driver’s licenses in minutes. The replicas are so convincing that the journalist who wrote the investigation says he was able to fool the know-your-customer process at crypto exchange OKX and sign up for an account, and at other sites as well. OnlyFake’s owner also boasted the forgeries could fool PayPal and Airbnb—basically any site that requires users to upload a piece of ID to sign up for the service.

It’s possible the OnlyFake owner is exaggerating, and it’s also worth noting that counterfeiting documents is nothing new. The difference here, though, is that the firm’s software is capable of cranking out hundreds of fake, but very real looking, IDs. It feels like it’s a matter of time before both banks and crypto firms alike are swamped by a wave of bots seeking to open accounts that possess convincing fake IDs.

You can add to this an impending wave of AI-based tools that will be used to overcome the anti-fraud measures, such as voice-based authentication, used by banks and others. We are also seeing AI being used to carry out audacious new forms of robbery—including the jaw-dropping story this week of a criminal gang that persuaded some poor employee in Hong Kong to transfer $25 million of company funds during a Zoom meeting. It turned out that all of the members on the Zoom call were AI-generated replicas of the employee’s boss and coworkers.

It will only be a short matter of time till crooks begin deploying all of these new fraud tools en masse, creating an unprecedented security nightmare for financial institutions and other businesses. The good news is that history shows that, even when cyber attackers gain the upper hand, the balance eventually shifts as defenders figure out new ways to stop them. In the next few years, we are likely to see banks and others roll out new types of security measures—perhaps involving a form of blockchain-based authentication—to shield themselves from this latest wave of fraud.

Jeff John Roberts


Robinhood customers can now make purchases through decentralized wallet MetaMask‘s Buy Crypto tool. (Fortune)

Treasury Secretary Janet Yellen testifies today before the House Financial Services Committee, where she is expected to warn of the dangers of crypto and call for stablecoin legislation. (The Block)

The opening day of a U.K. trial between serial liar Craig Wright and an open patent group focused on allegations that Wright had forged documents to claim he is Satoshi. (CoinDesk)

Vast Bank, the first traditional U.S. bank to offer crypto accounts, is pulling out of crypto. (Cointelegraph)

Bankrupt Genesis asked for approval to sell $1.4 billion worth of Grayscale Bitcoin Trust, an event that would likely put additional pressure on Bitcoin prices. (WSJ)


Definitely not Satoshi:


Read More:AI-based hacking threatens the banking industry