Telegram's Black Market: How Scammers Bypass Bank Facial Recognition with Virtual Cameras

From a money-laundering center in Cambodia, an employee opens a popular Vietnamese banking app on his phone. The app prompts him to upload a photo linked to the account, and he selects an image of a 30-something Asian man. Next, it requests camera access for a video "liveness" check. Instead of showing his live face, the scammer holds up a static picture of a woman bearing no resemblance to the account owner. After a 90-second wait, with the app instructing him to adjust the face within the frame, access is granted.

This exploit, captured in a video shared by cybersecurity researchers, is enabled by a growing array of illicit hacking services readily available for purchase on Telegram. Designed to break "Know Your Customer" (KYC) facial scans, these tools allow criminals to bypass safeguards at banks and crypto platforms, opening mule accounts and laundering illicit funds. Rather than using a live phone camera feed, the attacks typically deploy a virtual camera that replaces the video stream with pre-recorded footage, deepfakes, or even objects.

The Rise of Telegram's Black Market

During a two-month investigation in early 2026, 22 public Telegram channels and groups were identified advertising bypass kits and stolen biometric data. These channels, in Chinese, Vietnamese, and English, promote software that compromises mobile operating systems and banking apps, claiming to evade verification checks at financial institutions ranging from crypto exchanges like Binance to traditional banks like Spain's BBVA. Some had thousands of subscribers, with bios reading: "Specializing in bank services—handling dirty money. Secure. Professional. High quality."

Telegram states it removed these accounts for violating its terms of service after review, but such online marketplaces proliferate easily, with multiple similar channels remaining active. The platform, known for its end-to-end encryption and massive groups, has become a breeding ground for KYC evasion tools, sold for prices from tens to hundreds of dollars.

Impact on Crypto and Financial Ecosystems

The surge in KYC bypasses aligns with the global expansion of "pig-butchering" scams, where criminals build online relationships to defraud victims in fake investments. According to Chainalysis, crypto scams and fraud stole an estimated $17 billion in 2025, up from $13 billion in 2024. This growth has spurred stricter regulatory scrutiny, with countries like Thailand and Vietnam enacting tougher anti-money laundering laws and demanding enhanced customer verification.

In today's market context, with Bitcoin trading at $74,947, Ethereum at $2,354, and BNB at $623.43, platform security is paramount. Crypto exchanges, often reliant on KYC for compliance, are prime targets. A successful attack can allow scammers to deposit stolen funds, trade illicit assets, and withdraw profits, eroding trust in an already volatile market. The 3.1% rise in XRP and 3.8% gain in Cardano today could be impacted if investors perceive systemic risks.

Evasion Techniques and Vulnerabilities

Bypass kits employ multiple methods to deceive verification systems. The virtual camera is most common, letting users inject videos or photos instead of a live feed. Other techniques include manipulating operating system APIs, using device emulators, and exploiting vulnerabilities in banking apps. Some services even offer stolen biometric data, like selfies and ID documents, to create convincing fake identities.

Cybersecurity researchers warn that the most successful attacks may never be detected, as scammers quickly adapt their methods to bank countermeasures. iProov, a biometric verification company, reported virtual-camera attacks were 25 times more common in 2024 than in 2023, highlighting an alarming trend. This underscores the cat-and-mouse game between criminal operators and the financial industry.

Regulatory Responses and Challenges

Regulators worldwide are scrambling to keep up. In the US, financial agencies have issued warnings about KYC evasion tools, while the UN has alerted about the expansion of Asian scam syndicates into Africa and the Pacific, helping the industry "dramatically scale up profits." However, law enforcement is hampered by the global nature of these crimes and the difficulty of tracking encrypted transactions on platforms like Telegram.

For crypto investors, this means personal security is more critical than ever. Using tools like NordVPN can protect online identity, but responsibility also lies with institutions. Banks and exchanges must invest in more advanced deepfake detection and liveness verification technologies, such as eye movement or skin texture analysis, to counter these threats.

Implications for the Future of Financial Security

As scams grow in sophistication, the financial security landscape is at an inflection point. Criminals' adoption of AI to create realistic deepfakes could make KYC bypasses even harder to detect. This may lead to greater distrust in digital verifications, driving a return to in-person methods or the adoption of blockchain for decentralized identities.

In the short term, investors should be cautious about the platforms they use. Verifying exchange reputations, enabling two-factor authentication, and monitoring accounts regularly are essential steps. For the industry, collaboration between financial institutions, regulators, and cybersecurity firms will be key to developing more robust standards and closing the gaps exploited by these black markets.

“Markets are always looking at the future, not the present.”

— MIT Technology Review

— TrendRadar Editorial