Background
From OpenAI's GPT series to Google's Gemini and various open-source models, advanced artificial intelligence is profoundly reshaping how we work and live. However, alongside this rapid technological progress, a dark side that warrants caution is gradually emerging: unrestricted or malicious large language models.
An unrestricted LLM is a language model that has been specifically designed, modified, or 'jailbroken' to bypass the built-in security mechanisms and ethical restrictions of mainstream models. Mainstream LLM developers typically invest significant resources to prevent their models from being used to generate hate speech, misinformation, malicious code, or instructions for illegal activities. However, in recent years, some individuals or organizations have begun looking for or developing unrestricted models for motives such as cybercrime. In light of this, this article reviews typical unrestricted LLM tools, describes how they are abused in the cryptocurrency industry, and explores the related security challenges and responses.
How do unrestricted LLMs do harm?
Tasks that previously required specialized skills, such as writing malicious code, creating phishing emails, and orchestrating scams, can now be easily undertaken by ordinary people with no programming experience, thanks to the assistance of unrestricted LLMs. Attackers only need to obtain the weights and source code of open-source models, and then fine-tune them on datasets containing malicious content, biased statements, or illegal instructions to create customized attack tools.
This approach has given rise to multiple risk factors: attackers can 'mod' models for specific targets to generate more deceptive content, thereby bypassing the content review and security restrictions of conventional LLMs; the models can also be used to quickly generate variants of phishing website code or to tailor scam scripts for different social platforms; meanwhile, the availability and modifiability of open-source models continue to fuel the formation and spread of an underground AI ecosystem, providing fertile ground for illegal transactions and development. Here is a brief introduction to these unrestricted LLMs:
WormGPT: The black version of GPT
WormGPT is a malicious LLM openly sold on underground forums, whose developers explicitly state that it has no ethical constraints and is a black version of GPT. It is based on open-source models such as GPT-J 6B and is trained on a large amount of data related to malware. Users need to pay a minimum of $189 to gain one month of access. WormGPT's most notorious use is to generate highly realistic and persuasive Business Email Compromise (BEC) attack emails and phishing emails. Its typical abuses in the cryptocurrency space include:
Generating phishing emails/messages: imitating cryptocurrency exchanges, wallets, or well-known projects to send users 'account verification' requests, luring them to click malicious links or disclose private keys/mnemonic phrases.
Writing malicious code: assisting less technically skilled attackers in writing malicious code that steals wallet files, monitors the clipboard, records keystrokes, and performs other functions.
Driving automated scams: automatically responding to potential victims, guiding them to participate in fraudulent airdrops or investment projects.
DarkBERT: A double-edged sword for dark web content
DarkBERT is a language model developed through a collaboration between researchers from the Korea Advanced Institute of Science and Technology (KAIST) and S2W Inc. It is specifically pre-trained on dark web data (such as forums, black markets, and leaked data) to help cybersecurity researchers and law enforcement better understand the dark web ecosystem, track illegal activities, identify potential threats, and gather threat intelligence.
Although DarkBERT was designed with good intentions, the sensitive material it holds about dark web data, attack methods, illegal transaction strategies, and so on could lead to unimaginable consequences if it were acquired by malicious actors, or if similar technology were used to train unrestricted large models. Its potential abuses in the cryptocurrency space include:
Implementing precise fraud: collecting information about cryptocurrency users and project teams for social engineering fraud.
Imitating criminal methods: replicating mature theft and money laundering strategies from the dark web.
FraudGPT: The Swiss Army knife of online fraud
FraudGPT claims to be an upgraded version of WormGPT, with more comprehensive features, mainly sold on the dark web and hacker forums, with monthly fees ranging from $200 to $1,700. Its typical abuses in the cryptocurrency space include:
Counterfeiting cryptocurrency projects: generating realistic white papers, official websites, roadmaps, and marketing copy for fraudulent ICOs/IDOs.
Bulk generation of phishing pages: quickly creating imitation login pages of well-known cryptocurrency exchanges or wallet connection interfaces.
Social media astroturfing: mass-producing fake comments and promotions to boost scam tokens or discredit competing projects.
Social engineering attacks: this chatbot can mimic human conversation, establish trust with unsuspecting users, and lure them into inadvertently disclosing sensitive information or performing harmful actions.
GhostGPT: An AI assistant without moral constraints
GhostGPT is an AI chatbot explicitly positioned as having no ethical constraints, with typical abuses in the cryptocurrency space including:
Advanced phishing attacks: generating highly realistic phishing emails impersonating mainstream exchanges with false KYC verification requests, security alerts, or account freeze notifications.
Malicious smart contract code generation: attackers with no programming background can use GhostGPT to quickly generate smart contracts containing hidden backdoors or fraudulent logic, for use in rug pull scams or attacks on DeFi protocols.
Polymorphic cryptocurrency stealers: generating malware with continuous morphing capabilities to steal wallet files, private keys, and mnemonic phrases. Its polymorphic characteristics make it difficult for traditional signature-based security software to detect.
Social engineering attacks: using AI-generated dialogue scripts, attackers can deploy bots on platforms like Discord and Telegram, luring users to participate in fraudulent NFT minting, airdrops, or investment projects.
Deepfake fraud: in conjunction with other AI tools, GhostGPT can be used to generate voice simulations of fake cryptocurrency project founders, investors, or exchange executives, executing phone scams or Business Email Compromise (BEC) attacks.
Venice.ai: Potential risks of uncensored access
Venice.ai provides access to various LLMs, including some with fewer restrictions. It positions itself as an open portal for users to explore the capabilities of various LLMs, offering cutting-edge, accurate, and uncensored models for a truly unrestricted AI experience, but it may also be exploited by criminals to generate malicious content. The risks associated with this platform include:
Bypassing censorship to generate malicious content: attackers can leverage models with fewer restrictions within the platform to generate phishing templates, false propaganda, or attack strategies.
Lowering the threshold for prompt engineering: even if attackers do not possess advanced 'jailbreak' skills, they can easily obtain outputs that were originally restricted.
Accelerating the iteration of attack scripts: attackers can quickly test different models' responses to malicious instructions on the platform, optimizing fraud scripts and attack techniques.
In conclusion
The emergence of unrestricted LLMs marks a new paradigm of cyber threats that are more complex, large-scale, and automated. Such models not only lower the barriers to attack but also bring forth new, more covert and deceptive threats.
In this ongoing escalation of offense and defense, all parties in the security ecosystem must work together to address future risks. First, investment in detection technologies needs to increase, to develop systems that can identify and intercept phishing content, smart contract vulnerability exploits, and malicious code generated by malicious LLMs. Second, efforts should be made to enhance model jailbreak prevention capabilities and to explore watermarking and tracing mechanisms, so that the sources of malicious content can be tracked in critical scenarios such as finance and code generation. Finally, a robust ethical framework and regulatory mechanisms should be established to fundamentally limit the development and abuse of malicious models.
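As an added illustration of the detection side (not code from the original article), the following Python sketch triages an inbound message on signals that do not depend on how fluent the text is: the lure themes listed above, a request for wallet secrets, and links whose host is not on the defender's allowlist. The host names, function names and sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts the defender's organisation really uses (constructed placeholders).
ALLOWED_HOSTS = {"exchange.example", "wallet.example"}

# Lure themes named in the article: account verification, KYC, security alerts,
# account freezes, airdrops.
LURE = re.compile(
    r"account verification|verify your account|\bkyc\b|security alert|"
    r"account (?:has been |is )?frozen|airdrop", re.I)
# Secrets the article says victims are lured into disclosing.
SECRET = re.compile(r"private key|mnemonic|seed phrase|recovery phrase", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)


def host_allowed(host):
    """True only for an allowlisted host or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def classify(text):
    """Return (verdict, reasons) for one inbound message."""
    reasons = []
    if LURE.search(text):
        reasons.append("lure")
    if SECRET.search(text):
        reasons.append("secret_request")
    for url in URL.findall(text):
        host = urlparse(url).hostname or ""
        if not host_allowed(host):
            reasons.append("unlisted_link:" + host)
    unlisted = any(r.startswith("unlisted_link:") for r in reasons)
    if "secret_request" in reasons or ("lure" in reasons and unlisted):
        return "block", reasons
    return ("review" if reasons else "allow"), reasons


# Constructed sample messages, not taken from any real campaign.
PHISH = ("Security alert: your account has been frozen. Complete KYC at "
         "https://exchange.example.verify-login.test/kyc and enter your seed phrase.")
BENIGN = "Your monthly statement is ready at https://www.exchange.example/statements"

if __name__ == "__main__":
    for msg in (PHISH, BENIGN):
        print(classify(msg))
```

The host check parses the URL instead of searching it for a brand name, so a lookalike such as `exchange.example.verify-login.test` or a `user@host` prefix does not pass as the real site.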