KYC Fraud in Sri Lanka: Why Doing KYC for Others Can Make You a Money Mule
When we think of financial security, we often picture passwords, two-factor authentication, or fraud alerts from the bank. But there’s something more fundamental — something so basic that most people don’t question it: KYC, or Know Your Customer.
KYC is the process that banks, crypto exchanges, and online financial services use to verify who you are. It usually means submitting your ID card or passport, taking a selfie, and sometimes providing proof of address. The idea is simple: tie every account to a real human being, so criminals can’t hide behind fake names.
On paper, it sounds like the ultimate safeguard. In practice, though, KYC has become another tool that scammers exploit. And increasingly, ordinary people are getting caught in the middle.
Why People Are Asked to “Do KYC”
If you’ve ever been approached online with an offer that sounds like this — “Can you help me verify an account? You just need to upload your ID, and I’ll pay you” — you’ve seen the surface of this scam.
Scammers, or the middlemen working for them, provide a link to platforms like Binance, Bybit, OKX, PayPal, Skrill, or even shady exchanges like “DarkEx.” They tell the victim it’s harmless. Sometimes they say it’s to create duplicate accounts for giveaways or trading competitions. Sometimes they claim the person can’t verify their own account due to “technical issues.”
The story changes, but the mechanics remain the same: you upload your documents, the account gets verified, and they keep the keys.
The Truth Behind the Excuse
On the surface, the “giveaway” explanation makes it sound like a harmless little trick — as if the worst thing that could happen is someone collecting extra referral bonuses. But that’s not the reality.
The moment you hand over your ID for another person’s account, you become the legal owner of that account in the eyes of the platform. Every trade, every withdrawal, every shady transaction that happens afterward is tied back to you.
And the uses go far beyond giveaways. Verified accounts are worth money on underground markets — sometimes hundreds of dollars depending on the platform. They can be resold, reused, or connected to massive laundering operations. Once your identity is tied to that account, you lose control.
The Legal Side in Sri Lanka
This isn’t just a question of “being careful.” In Sri Lanka, it’s outright illegal. The Financial Transactions Reporting Act of 2006 makes it an offence to provide false or misleading information during customer identification. The Prevention of Money Laundering Act of 2006 goes further, criminalising anyone who aids or facilitates laundering — even if they didn’t profit directly. The penalties are severe: up to twenty years in prison and fines of up to five million rupees.
And because Sri Lanka cooperates with international regulators, being tied to a fraudulent Binance KYC account or other crypto exchange abroad won’t protect you. Through legal assistance treaties, exchanges will hand over the KYC details when asked. That means if your ID was used, it’s your name that comes up.
Real Cases, Real Victims
This isn’t a hypothetical scenario. In India, the Central Bureau of Investigation recently uncovered more than 850,000 mule bank accounts created with stolen or borrowed KYC. Many of them belonged to students who thought they were just helping someone, only to discover they were under criminal investigation.
The UK’s Financial Conduct Authority reported a sharp increase in money mule accounts in 2024, many involving young people tricked through social media offers of “easy income.” Even in Sri Lanka, while numbers aren’t public yet, the same patterns are visible in Telegram and WhatsApp job scams that lead people into handing over their IDs.
The common thread? Most of these people had no idea they were stepping into something illegal — until it was too late.
What the Research Tells Us
Studies into KYC fraud and mule account activity confirm how widespread the problem is. Continuous, or “perpetual,” KYC screening has been shown to detect 75% more mule activity compared to one-time checks. Mule accounts often stay dormant for months before suddenly being activated in bursts of fraudulent transactions.
Other research highlights how criminals exploit digital onboarding systems, taking advantage of fast verification to open dozens of accounts with fake or borrowed IDs. Advanced techniques, including synthetic identities and even AI-generated documents, make detection even harder.
But while technology keeps evolving, the scam itself often begins with something very human: a simple request, wrapped in a harmless excuse, targeting people who don’t realize the weight of what they’re being asked to do.
Why You Should Never Do KYC for Someone Else
If you ever agree to verify an account with your ID for someone else, here’s what you’re really risking:
- Criminal liability: If that account is used for scams or laundering, you could face investigation, arrest, and prosecution.
- Permanent blacklisting: Banks and exchanges may flag you, making it difficult to open accounts or access services in the future.
- Identity misuse: Your ID could be copied, resold, and tied to multiple accounts worldwide.
- Loss of trust: Once flagged as a mule, clearing your name can be nearly impossible.
The Final Warning
Scammers will tell you it’s just for bonuses. They’ll show you a real Binance or Bybit link to make it look safe. They’ll promise quick cash for “a simple verification.”
But the truth is stark: when your ID is tied to an account, you are the legal owner — and you are the one who will be held responsible for whatever happens next.
Don’t hand over your future for a few rupees or the illusion of harmless help. Protect your ID. Say no to anyone asking you to “just do KYC” on their behalf.
Because once you do, you’re not just verifying an account. You’re potentially stepping into the shoes of a scammer — and it’s your name, your record, and your life on the line.
Know the Threat. Stop the Attack.
– DEBUGGER
