OnlyFake: the IA that made thousands of false identities and challenges KYC controls

The OnlyFake case marks a disturbing milestone at the intersection between artificial intelligence and financial crimes. A Ukrainian developer, identified in the indictment as Yurii Nazarenko and known on the network by several aliases, pleaded guilty for managing a subscription-based platform that generated images of false identity documents with a very realistic appearance. According to the Federal Prosecutor's Office of the South District of New York, the service produced and marketed more than 10,000 digital photographs of passports, driving cards and social security cards in the United States, as well as documents from many other jurisdictions ( see the prosecution).

OnlyFake was not a simple collection of templates: it used IA models to generate images that could incorporate custom or random data, and offered options to simulate a scan or a photo on a table. The site operated with cryptomonedas and sold both individual orders and wholesale packages, reaching to offer lots of up to a thousand documents. The Department of Justice and FBI agents documented undercover purchases in 2024, in which they obtained cards from New York, United States passports and a fake Social Security card, which allowed the investigation to be opened that led to the prosecution and confession ( DOJ communication).

The prosecution maintains that the main purpose of those who acquired these documents was to circumvent the identification controls used by banks and cryptomoneda platforms to meet "meet your client" (KYC) obligations and prevent money laundering. These requirements are a central part of the regulatory framework designed to detect illegal financing, money laundering and other economic crimes, and their violation opens doors for anonymous or fraudulent financial operations ( information about AML and KYC in FinCEN).

From the technical and operational point of view, OnlyFake gathered several elements that made it particularly dangerous: scale automation by IA to produce credible images, payment with cryptomoneda to increase anonymity and tools to delete tracks, such as the removal of emails and the diversification of wallets to frustrate fund tracking. A previous journalistic investigation helped expose the service publicly, and the platform ended up being the subject of the police operation that led to the extradition of the person responsible from Romania in September 2025 ( 404 media report).

The case raises an obvious question: what difference does it make to a forged document produced by IA from a traditional forgery? The answer is not just aesthetic. The IA models can synthesize textures, typographs and simulated holograms - or combine real and generated fragments - and adapt features to pass basic automated verifications. In addition, the ability to produce large volumes reduces the cost per unit and facilitates marketing to actors with criminal intentions. With these advantages, forgers can try to mockery verification systems that still depend to a large extent on visual comparisons, without robust human supervision.

The authorities have reacted by combining traditional research tools (undercover purchases, international cooperation and extradition) with tracking cryptomoneda flows and inter-agency collaboration. In criminal matters, Nazarenko accepted the return of $1.2 million and faces a penalty that can reach 15 years in prison; the date of sentence was set by mid-2026, according to the judicial file ( DOJ source).

But criminal prosecution alone will not solve the problem of substance. Financial institutions, cryptomoneda exchangers and service providers requiring KYC should accelerate the adoption of more resilient controls. The solutions range from improving biometric systems and livelihood checks - which verify that the document is actually alive and present - to integrating verifications based on official sources and federal records that cannot be easily reproduced with images. It is also crucial that automatic verification providers adopt synthesis and handling detection models that evolve to the pace of generation techniques.

The OnlyFake episode also highlights a regulatory challenge: imaging technology and its public availability make bad uses increasingly accessible. IA tool developers, markets and payment platforms share responsibility for detecting and curbing abuses, but effective response requires coordination between the private sector and regulators, as well as legal frameworks that consider the scale and speed of technological innovation.

For the ordinary citizen, the case should serve as a reminder that false documents generated digitally are not a remote problem: they facilitate fraud, can allow serious crimes and erode confidence in systems that we use daily to identify people. Institutions must strengthen their procedures and users must be aware that digital identity needs more safeguards than a simple photograph.

The story of OnlyFake is a practical warning about the race between generators and detectors. As the IA lowers the barriers to making convincing credentials, the defenses must become equally technical and collaborative. The case against Nazarenko shows that the law can reach operators, but it also shows that prevention and technological adaptation are essential for no new OnlyFake to emerge in the future.