• cron@feddit.org
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    3 months ago

    Not really a MFA bypass, but rather some impressive social engineering:

    The attacker leverages AI-generated deepfakes to create a synthetic identity complete with a forged government document (e.g., passport) and a facial recognition bypass video.

    They use this identity to gain access to the account, if I understood it right.

    • Breve@pawb.social
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 months ago

      It’s to get around the KYC (Know Your Client) requirements that many financial institutions and cryptocurrency exchanges have when creating a new account to curb money laundering. Obviously criminals using crypto for dark markets need a way to convert it back to cash without giving up their real identity.