Veriftools: The $9 Fake ID Farm and How KYC Fights Back
A forged passport should be expensive. It used to be. For most of the last century, a convincing counterfeit took a skilled hand, real materials, and time. Then services like veriftools dropped the price of a fake identity document to about nine dollars, payable in crypto, no skills required. That is the actual story here, and seizing one website does not change it.
In August 2025, the FBI and the Dutch National Police seized the veriftools domains and roughly $6.4 million in cryptocurrency. Good. The service also relaunched almost immediately. So this article looks at what veriftools was, why these operations keep coming back, how a fake ID actually tries to bypass identity verification, and where the buyer of a nine-dollar counterfeit quietly loses. The short version: the defense that works does not live at the domain registrar. It lives at the verification step.
What veriftools was, and why it mattered
Veriftools was a template farm, a "generator" that turned document forgery into a point-and-click product. You entered personal data, and the service produced a counterfeit identity document built to look real. No forger, no darkroom, no craft. That industrialization is the whole problem, because it widens the pool of people who can commit document fraud from a handful of skilled criminals to anyone with a grievance and a browser.
The scale was not small. According to reporting from security researchers and the U.S. Department of Justice, veriftools offered roughly 250 document templates covering some 69 countries, including IDs for all 50 U.S. states. It sold counterfeit passports, driver's licenses, bank statements, and utility bills for as little as $9, took payment in cryptocurrency, ran an affiliate program, and even supported batch generation for criminals working from stolen or synthesized identity records. By February 2024 it was pulling around 285,000 unique visitors a month. The August 2025 takedown, run out of the District of New Mexico with Dutch help, seized its domains and $6.4 million in crypto and called the case a step toward protecting the public from fraud and identity theft. It was. It was also not the end.
What made the generator model dangerous was not any single document. It was the throughput. A static template still needs a forger to fill it in convincingly; a generator does that automatically, at volume, for anyone holding a few dollars of crypto. Pair that with an affiliate program and you have distribution, not just a product. Document fraud stopped being a craft and became a subscription, which is the part that should worry every platform that onboards strangers.

Why fake-document sites refuse to die
Here is the uncomfortable part. A takedown treats the symptom. The supply is crime-as-a-service, and it regrows overnight.
On the same day the seizure was announced, the veriftools operators posted relaunch notices on Telegram. Within weeks, replacement domains were live across a scatter of extensions, and by October 2025 they had pulled roughly 80,000 monthly visitors between them. This is not unusual. One identity-verification firm counts on the order of 24,000 sellers in the broader counterfeit-as-a-service market. Knock one down and the demand simply routes to the next.
There is a grim economics underneath it. The infrastructure is cheap, the customers are anonymous, and the payment rail is crypto, so the marginal cost of standing the operation back up is close to nothing. A domain seizure raises that cost a little. It does not change the equation.
I am not arguing that takedowns are pointless. Seizing $6.4 million and disrupting an operation matters. But "we seized the domain" is a press release, not a defense. If your security plan depends on law enforcement eliminating the supply of fake documents, you do not have a plan. The durable answer has to assume the counterfeit will arrive, and catch it when it does.
How fake IDs try to bypass KYC, and the fraud surge behind it
The reason cheap counterfeits from services like veriftools matter is that they feed a much larger machine. Identity fraud has industrialized in step with the tools, and the numbers from 2025 and 2026 are not subtle.
Synthetic and AI-generated documents
The fastest-growing category is the synthetic identity, a blend of real and invented data that passes a shallow check. Synthetic identity document fraud rose 311% in North America between early 2024 and early 2025, by Sumsub's count. Digital document forgeries now make up about 57% of all document fraud, up 244% year over year, according to the Entrust Cybersecurity Institute. Roughly one in fifty fake documents is now AI-generated. None of this needs a master forger; it needs a subscription. Synthetic identities are especially nasty because there is no single victim to file a complaint. The identity is partly invented, so it can sit dormant, build a thin history, then bust out at once. By the time anyone notices a problem, the account is already drained and gone.
Deepfakes and injection attacks
The other front is the live selfie that verification systems rely on to prove a real person is present. Attackers now defeat that with deepfakes and injection attacks, feeding a fabricated video straight into the camera stream. The biometric firm iProov logged a deepfake attempt roughly every five minutes in 2024, a 741% jump in iOS injection attacks across 2025, and a 2,665% rise in virtual-camera attacks versus 2023. A nine-dollar document and a free face-swap is a cheap kit for an expensive crime.
The shift matters because liveness was supposed to be the hard part to fake. If a system simply trusts that a moving face on camera belongs to a real person in the room, an injected video quietly breaks that assumption. Detection has had to move from asking "is this face live" to asking "is this camera feed even real," which is a harder and more recent problem.
| Fraud signal (2025-2026) | Figure | Source |
|---|---|---|
| Synthetic ID document fraud, North America | +311% YoY | Sumsub |
| Digital document forgeries, share of all doc fraud | 57% (+244% YoY) | Entrust |
| AI-generated documents | ~1 in 50 fakes | Sumsub |
| Deepfake attempt frequency | every ~5 minutes | iProov |
| iOS injection attacks | +741% (2025) | iProov |
How identity verification catches forged documents
So if you cannot seize your way out, what works? Detection at the door. This is the part of the story the buyer of a $9 fake does not see coming, because layered verification is built to assume the document is fake until the evidence says otherwise.
Document forensics and liveness
Start with the document itself. Forensic checks read the things a template cannot fake cleanly: pixel-level inconsistencies, font and layout deviations, manipulated metadata, and template reuse across submissions. When Resistant AI tested veriftools output, its forensics flagged the documents as high-risk across IDs, bank statements, and utility bills, even after the fraudsters tried to strip the metadata. The reason this works is that a generator optimizes for looking right to a human, not to a machine. A reviewer glancing at a driver's license sees a plausible card. A forensic engine sees that the same template produced thousands of other submissions, that the font spacing is a hair off, that the security pattern is printed rather than embedded. Add 3D liveness detection to confirm a real, present human, injection detection to catch the fabricated camera feed, and NFC chip reading that pulls the genuine, signed data straight from a modern passport's chip, and the cheap counterfeit runs out of room.
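The template-reuse signal can be sketched in code. This is an added example, not code from the article or from any vendor named in it: it ignores an assumed personal-data region, compares the remaining background pixels, and flags backgrounds that are near-identical across several different identities. The field layout, thresholds, and 6x6 sample scans are all constructed for illustration.

```python
# Assumed layout: applicant-specific fields (photo, name, number) sit in this
# region and are ignored, so only the document background is compared.
FIELD_REGION = (2, 1, 4, 5)  # row0, col0, row1, col1 (end-exclusive)

def background(pixels, region=FIELD_REGION):
    """Return the grayscale pixels that lie outside the personal-data region."""
    r0, c0, r1, c1 = region
    return [v for r, row in enumerate(pixels) for c, v in enumerate(row)
            if not (r0 <= r < r1 and c0 <= c < c1)]

def differing_pixels(a, b, tolerance=8):
    """Count background pixels that differ by more than recompression noise."""
    return sum(abs(x - y) > tolerance for x, y in zip(a, b))

def find_template_reuse(submissions, max_diff=2, min_identities=3):
    """Cluster near-identical backgrounds; flag clusters spanning many identities."""
    clusters = []
    for sub in submissions:
        bg = background(sub["pixels"])
        for cl in clusters:
            if differing_pixels(cl["bg"], bg) <= max_diff:
                break
        else:  # no existing cluster matched: start a new one
            cl = {"bg": bg, "ids": [], "names": set()}
            clusters.append(cl)
        cl["ids"].append(sub["id"])
        cl["names"].add(sub["name"])
    return [cl["ids"] for cl in clusters if len(cl["names"]) >= min_identities]

def make_sample(sub_id, name, paint, field_value, artifact=None):
    """Build a constructed 6x6 'scan': painted background plus field pixels."""
    r0, c0, r1, c1 = FIELD_REGION
    grid = [[field_value if (r0 <= r < r1 and c0 <= c < c1) else paint(r, c)
             for c in range(6)] for r in range(6)]
    if artifact:  # one badly recompressed background pixel
        r, c, v = artifact
        grid[r][c] = v
    return {"id": sub_id, "name": name, "pixels": grid}

def design(r, c):
    """Constructed document design shared by every sample below."""
    return 200 if (r + c) % 2 == 0 else 50

# Constructed data: s1, s2, s4 share one digital template (identical background
# up to recompression); s3 is a camera capture of the same design, so uneven
# lighting shifts most of its pixels.
SAMPLES = [
    make_sample("s1", "Applicant One", design, 10),
    make_sample("s2", "Applicant Two", lambda r, c: design(r, c) + 3, 120, (0, 0, 100)),
    make_sample("s3", "Applicant Three", lambda r, c: design(r, c) + 5 * r + 3 * c, 30),
    make_sample("s4", "Applicant Four", lambda r, c: design(r, c) - 4, 240, (5, 5, 60)),
]
```

The camera-captured sample stays out of the flagged cluster even though it shows the same design, which is the distinction the check relies on: physical captures vary, while output from one digital template does not.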
AML screening and database cross-checks
A document that passes is still only half the check. AML screening runs the person against sanctions lists, politically exposed person databases, and adverse-media reporting, then keeps monitoring after onboarding. Identity data gets cross-checked against authoritative sources, and the same forensic signals feed broader payment fraud detection so a single fake does not quietly open ten accounts. A document can render perfectly and still name a person whose details match no real record, or who already sits on a watchlist. Continuous monitoring then catches the account that looked clean on day one and turned risky on day ninety. No one layer is perfect. Stacked, they turn a $9 document into a losing bet.
| Verification layer | What it catches |
|---|---|
| Document forensics | Template reuse, font, pixel, and metadata anomalies |
| 3D liveness detection | Photos, masks, and replayed video |
| Injection detection | Virtual-camera and deepfake feeds |
| NFC chip reading | Documents with no genuine signed chip data |
| AML and database checks | Sanctioned, fabricated, or mismatched identities |
What it costs a platform to let fakes through
None of this is theoretical. Counterfeit documents from operations like veriftools feed straight into the accounts that generate these penalties, and the bill for getting it wrong has gone vertical. KYC failure is now existential money.
Look at the year. OKX pleaded out to a U.S. Department of Justice case in February 2025 carrying more than $504 million in penalties, tied to over $5 billion in suspicious transactions. Prosecutors said staff had instructed customers to falsify their identity documents. KuCoin settled with the DOJ for about $300 million the month before, then drew a record C$19.6 million FINTRAC fine in Canada that September. And the floor keeps rising. The EU's MiCA regime sets a hard CASP authorization deadline of 1 July 2026, the broader AML Regulation lands in 2027, and fines run into the tens of millions. A platform that waves a forged document through is not saving money. It is deferring a much bigger invoice.
These are not edge cases. They are among the largest enforcement actions crypto has seen, and the thread running through every one is identity. Not market manipulation. Not a clever hack. The question regulators kept circling back to was simpler and harder: who got through the door, and what did the platform actually do to check?
| Enforcement case | Penalty | When |
|---|---|---|
| OKX (U.S. DOJ) | $504M+ | Feb 2025 |
| KuCoin (U.S. DOJ) | ~$300M | Jan 2025 |
| KuCoin (FINTRAC, Canada) | C$19.6M | Sep 2025 |

The legal reality for anyone tempted to buy
For an individual buyer, nine dollars to veriftools or its successor domains is the cheap part. The real price is twofold, and both halves are underrated.
First, the law. In the United States, producing or using a forged identity document is a federal crime under 18 U.S.C. § 1028, carrying penalties up to 15 years in prison, and aggravated identity theft adds a mandatory two-year sentence on top. Demand exists regardless: one survey found about 30% of U.S. young adults have considered buying a fake ID. That casual demand is exactly what makes the trade dangerous. Most buyers picture a harmless prop, not a federal charge, and the gap between how the purchase feels and what the law calls it is where people get hurt. The consequences do not soften because the purchase felt casual.
Second, the data. To generate a convincing counterfeit you hand a criminal service your real personal information, your photo, your actual details. You are not the customer in that transaction so much as the product. Identity theft, extortion, and resale of your data are the natural next steps. On the platform side, a flagged fake means frozen funds and a permanent ban. The buyer loses the money, the account, and control of their own identity, often all three.
It is worth being blunt about the asymmetry. The seller of the fake faces a takedown and the loss of a domain it can re-register by morning. The buyer faces a federal record. The whole trade is structured so the customer carries the legal risk while the operator collects crypto and rebuilds elsewhere. That is not a deal anyone should want the wrong side of.
Why detection beats takedowns for fake IDs
Seizing veriftools did not end fake IDs. The next farm is already serving traffic, and the one after that is in a Telegram channel waiting for the first to fall. That is the lesson worth keeping: supply is resilient, so defense has to be too. For a crypto business, that means layered identity verification that assumes every document is suspect, backed by forensics, liveness, and continuous AML monitoring. For everyone else, the move is simpler and cheaper than nine dollars. Do not be the buyer.