You must log in or register to comment.
Not really a MFA bypass, but rather some impressive social engineering:
The attacker leverages AI-generated deepfakes to create a synthetic identity complete with a forged government document (e.g., passport) and a facial recognition bypass video.
They use this identity to gain access to the account, if I understood it right.
It’s to get around the KYC (Know Your Client) requirements that many financial institutions and cryptocurrency exchanges have when creating a new account to curb money laundering. Obviously criminals using crypto for dark markets need a way to convert it back to cash without giving up their real identity.
If it can be bypassed, it’s not a second factor
There are some legitimate attacks on MFA, like stealing cookies. But in most cases, MFA is solid and attackers target the humans behind it (phishing, scamming, social engineering).