iProov Threat Intelligence Uncovers "Grey Nickel" Threat Actor Targeting Banking, Crypto, and Payment Platforms
Tuesday, June 10, 2025
KYC Processes Exposed in Wave of Sophisticated Financial Sector Attacks
iProov, the world's leading provider of science-based biometric identity verification solutions, today revealed details of an active cybercriminal operation that has successfully infiltrated financial institutions worldwide by exploiting vulnerabilities in remote identity verification systems. iProov's Security Operations Center (iSOC) observed live operations of the threat actor, codenamed "Grey Nickel," targeting organizations globally with concentrated attacks against banking, crypto exchanges, e-wallets, and digital payment platforms in Asia-Pacific, EMEA, and North America. During its investigation of "Grey Nickel," the iSOC team also documented an unprecedented escalation in attacks specifically designed to bypass Know Your Customer (KYC) processes across the financial services sector.
Financial Services: New Attacks, Same Battleground
Financial services organizations have long been prime targets for relentless fraud attacks, both by lone perpetrators and highly organized criminal networks. Unfortunately, many of the organizations targeted by “Grey Nickel” and the KYC attackers had employed liveness detection technologies that appear to be designed to prevent only presentation attacks as opposed to AI-fueled digitally injected attacks. The gap between the identity assurance that these technologies are able to provide and the identity assurance needed has become a profitable sweet spot for cybercriminals.
iProov advises organizations to use its spectrum of identity assurance methodology to determine the most suitable verification technologies for each use case, by evaluating the contextual knowledge of the individual and the risk of the activity against the organization's risk appetite.
"These criminal groups understand that banking, crypto exchanges, e-wallets, and digital payment platforms represent some of the highest-value targets for identity fraud," said Dr. Andrew Newell, Chief Scientific Officer of iProov. "It is important to understand that these aren't opportunistic attacks; they represent highly coordinated, specialized operations that pose an existential threat to the digital transformation of banking."
Multiple Threat Actors, Common Target
iProov's investigation has identified several distinct criminal operations:
Grey Nickel: Systematic Operations
A sophisticated threat actor group, codenamed "Grey Nickel," has been conducting systematic attacks against identity verification systems since July 2023, primarily targeting organizations in the Asia-Pacific region, with recent expansions into North America and EMEA. This group employs advanced face-swap technology, metadata manipulation, and injection techniques specifically designed to defeat single-frame liveness-based verification systems used by banks and payment platforms.
Advanced Virtual Camera Networks
Separate criminal groups have developed and distributed specialized mobile applications that enable KYC bypass on both Android and iOS devices. These applications inject pre-recorded or manipulated video feeds during identity verification, with some variants now incorporating lip-syncing capabilities to defeat voice-based challenges.
Deepfake-as-a-Service Operations
Independent criminal actors have established service-based models, offering custom deepfake creation and comprehensive KYC bypass packages specifically designed to target cryptocurrency exchanges and payment platforms. These operations combine stolen identity databases with AI-generated media to create “synthetic identities” and enable large-scale identity fraud.
AI-Powered Fraud Tools
Criminal forums now actively share techniques using commercially available AI platforms to generate convincing deepfake videos, specifically designed to bypass primitive liveness technologies employed by some financial institutions.
Financial Impact of AI-based Cybercrime
The financial consequences of these attacks are reaching unprecedented levels:
- In 2024, a Hong Kong employee of a British multinational company fell victim to deepfake scammers for US$25.6 million when criminals impersonated company executives.
- More than half of the organizations surveyed in a recent BioCatch report admitted to losing between $5 and $25 million to AI-powered attacks in 2023.
- A United Nations report noted a rise in AI-driven crimes involving deepfakes, demonstrated by more than a 600% increase in mentions of deepfake-related content targeting criminal groups in Southeast Asia across monitored online platforms in the first half of 2024.
Criminal Innovation Outpaces Regulatory Response
A critical global challenge in combating cybercrime against the financial services sector is the widespread lack of comprehensive data from these institutions. This absence of consistent, mandatory incident reporting across many jurisdictions prevents regulators from accurately assessing the scale of illicit activities, which hinders effective regulatory action. While regions like the European Union are advancing proactive measures, with bodies such as the European Banking Authority proposing the adoption of the high-assurance EU Digital Identity Wallet or an equivalent to comply with AML rules, many nations lag behind. This creates global disparities that cybercriminals can exploit and highlights an urgent need for greater international cooperation and data sharing to drive robust security enhancements and coordinated regulatory intervention.