In April 2025, Hong Kong police broke up a network that used AI to merge fraudsters' faces onto lost or stolen ID photos and pass remote bank onboarding, opening real accounts tied to reported losses above 190 million US dollars. The control that failed was automated face-match and liveness. That is a different failure from the 25-million-dollar deepfake video call of 2024, which defeated a human, not a system.
The case where a control failed
In April 2025, Hong Kong authorities dismantled a fraud operation that used AI to graft the operators' own faces onto photographs from lost and stolen identity documents. The composite was used to clear the remote identity-verification step that banks use to open accounts. Reporting tied the network to losses exceeding 190 million US dollars, and the accounts were real: opened, funded, moved through.
What failed here was the face-match and liveness layer, the automated check that is supposed to confirm a live, present person matches the document photo. It returned a pass on synthetic input. No human approved the match at the moment it counted.
This is not an isolated trick. The World Economic Forum's work with the biometrics vendor iProov examined a set of face-swapping and camera-injection tools and found that most of them defeated standard biometric onboarding checks in testing. The mechanism is now commodity: real-time face replacement runs on ordinary hardware, reproducing blink and micro-movement patterns well enough that passive liveness returns a match. A further class of attack, camera injection, feeds synthetic video straight into the verification step through a virtual device, so the liveness check never sees a real sensor at all.
The case where a control did not fail
The most famous deepfake-fraud story of all, the early-2024 Hong Kong incident in which a finance employee at the firm Arup wired about 25 million US dollars after a video call with what appeared to be the company's executives, is a different animal.
That was extraordinary, and it was a real loss. But what it bypassed was a person's judgment on a live call. There was no automated authenticity control in the loop to defeat. Filed correctly, it is high-fidelity social engineering, not a defeated control. It argues, if anything, that there was no technical control present where one should have been.
The distinction is not pedantry. It tells you where to spend. The Arup case is an argument for out-of-band verification, transfer-approval protocol, and process. The Hong Kong onboarding ring is an argument for not trusting a single biometric control that current tooling can beat.
On the scary numbers
Coverage of this threat is dense with percentages: large year-over-year rises in injection attacks, in deepfake share of fraud, in face-swap volume. Many of those figures originate from the identity-verification vendors who also sell the defense. Treat them as directional, vendor-reported context, not as load-bearing facts.
The load-bearing facts here are the ones from primary reporting and independent assessment: real accounts opened in the Hong Kong case, and the World Economic Forum and iProov finding that commodity tools defeated standard onboarding in testing. Those are enough.
What this means for liveness checks
If a face-match or liveness step gates account opening or access in your system, the question is not whether deepfakes look convincing. They do. The question is whether your specific deployment, today, returns a pass on a current-generation face-swap or an injected stream.
You cannot answer that from a datasheet. Liveness vendors publish results against the attacks they tested, on the timeline they tested them. Attackers do not hold still, and injection attacks deliberately sidestep the sensor the liveness model assumes. The only honest answer is a measured one against your control, with current attacks. The same pattern, clean-lab numbers that do not survive realistic conditions, is what our detector benchmark documents in detail.
The deepfake that opens a real account is a control problem. The deepfake on a video call is a process problem. Solve them as the different problems they are.