In February 2024, the service OnlyFake sold AI-generated photorealistic ID documents for about 15 dollars each. A reporter used one to pass the document-verification step of crypto exchange OKX. The control that failed was an automated ID-authenticity check, not a human reviewer. This is the difference between a convincing image and a defeated control, and it is the difference that matters.
The case
A viral image of a fake document is not, by itself, a fraud. It has to beat something. The interesting cases are the ones where it did.
OnlyFake is the clearest of those. Reported by 404 Media and picked up widely in early 2024, the service generated realistic ID documents from roughly 26 countries, including passports and driver licenses, for about 15 dollars apiece, paid in cryptocurrency. The reporting showed a generated British passport image clearing the Know Your Customer document check at the crypto exchange OKX. The operator claimed the same approach worked at other major exchanges, and a Telegram channel of users echoed it.
The exchange's own response is the tell. Asked about it, OKX described fake-ID bypass as an industry-wide issue, not a single-vendor slip. When the failure is industry-wide, the failure is in the control, not in one company's configuration.
What actually got bypassed
Separate two things that get collapsed in coverage like this. A human looking at a document and being convinced is social engineering. It is real, it is dangerous, and it is not what happened here. An automated system being handed a synthetic document and returning a pass is a defeated control. That is what happened here.
The document-authenticity layer, the software that is supposed to decide whether an uploaded ID is genuine, accepted a generated image. No person was in the loop at the moment the decision was made. That distinction is the whole point, because a defeated control scales and a fooled human does not. A human reviewer fooled once is fooled once. A control that accepts a 15-dollar generated passport accepts it every time, at the speed of an API, for as many accounts as someone wants to open.
Why the realism was the wrong focus
Most of the public reaction to AI-generated documents fixates on how real they look. The realism is necessary, but it is not what beats the control. What beats the control is that the control was checking the wrong thing: surface appearance, layout, font, the presence of expected fields, rather than a signal that a generator cannot reproduce.
This is the same lesson that shows up across synthetic-media detection. A detector that keys on a feature the attacker can trivially supply will pass the attacker. The question is never whether the artifact looks right. The question is whether the control reads a property the artifact cannot fake. That is the thesis behind our benchmark of how detectors collapse once the test stops being clean.
What this means for document checks
If your onboarding flow accepts a scanned or uploaded identity document as proof, the OnlyFake case is your threat model, not a curiosity. Document-image authenticity alone is no longer a control you can lean on in isolation. It belongs in a defense-in-depth stack alongside issuer-side confirmation, cryptographic provenance where it exists, and cross-checks against authoritative records, the things a generated image cannot supply on demand.
And this is the part teams skip: you do not actually know whether your current document check would accept an OnlyFake-class input until someone tries it against your specific deployment, with current-generation tooling. Vendor benchmarks age. Generators do not wait. The only honest answer to whether your control holds is a measured one.
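One way to put a number and an interval on that measurement, as an added example (not code from this article or from any vendor): a Wilson score interval on how often a document check passed synthetic test documents during an authorized test of your own deployment. The outcome list is constructed sample data and the function names are hypothetical.

```python
import math

def wilson_interval(accepted, trials, z=1.96):
    """Wilson score interval (95% at z=1.96) for an acceptance rate."""
    if trials <= 0 or not 0 <= accepted <= trials:
        raise ValueError("need trials > 0 and 0 <= accepted <= trials")
    p = accepted / trials
    denom = 1 + z * z / trials
    centre = (p + z * z / (2 * trials)) / denom
    half = z * math.sqrt(p * (1 - p) / trials + z * z / (4 * trials ** 2)) / denom
    # Clamp to [0, 1] to absorb floating-point drift at the extremes.
    return max(0.0, centre - half), min(1.0, centre + half)

def false_accept_report(outcomes, z=1.96):
    """outcomes: iterable of bools, True = the control passed a synthetic document."""
    outcomes = list(outcomes)
    accepted = sum(1 for passed in outcomes if passed)
    low, high = wilson_interval(accepted, len(outcomes), z)
    return {"trials": len(outcomes), "accepted": accepted,
            "rate": accepted / len(outcomes), "low": low, "high": high}

def trials_for_clean_bound(max_rate, z=1.96):
    """Fewest trials at which zero acceptances bounds the true rate at or
    below max_rate. With zero acceptances the Wilson upper limit reduces
    to z^2 / (n + z^2), so n >= z^2 * (1 - max_rate) / max_rate."""
    if not 0 < max_rate < 1:
        raise ValueError("max_rate must be strictly between 0 and 1")
    return math.ceil(z * z * (1 - max_rate) / max_rate)

# Constructed sample data: 40 synthetic submissions, 7 passed by the control.
SAMPLE_OUTCOMES = [True] * 7 + [False] * 33

if __name__ == "__main__":
    r = false_accept_report(SAMPLE_OUTCOMES)
    print(f"false-accept rate {r['rate']:.1%} "
          f"(95% CI {r['low']:.1%} to {r['high']:.1%}, n={r['trials']})")
    low, high = wilson_interval(0, 20)
    print(f"0 of 20 accepted still allows a true rate up to {high:.1%}")
    print(f"trials needed to bound the rate at 5%: {trials_for_clean_bound(0.05)}")
```

Zero acceptances in 20 trials still leaves an upper bound near 16 percent, so a handful of clean runs does not show that the control holds.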
Margen does not sell document verification or detection. We are an independent third party that red-teams these controls under adversarial, platform-realistic conditions and reports, with a number and a margin of error, where they hold and where they break.