Background

From OpenAI's GPT series to Google's Gemini to a growing range of open-source models, advanced artificial intelligence is profoundly reshaping how we work and live. Yet alongside this rapid progress, a darker trend deserves vigilance: the rise of unrestricted or malicious large language models (LLMs).

An unrestricted LLM is a language model that has been deliberately designed, modified, or "jailbroken" to circumvent the built-in safety mechanisms and ethical restrictions of mainstream models. Mainstream LLM developers invest heavily in preventing their models from being used to generate hate speech, disinformation, malicious code, or instructions for illegal activities. In recent years, however, some individuals and organizations, motivated by cybercrime and similar ends, have begun seeking out or building unrestricted models of their own. This article surveys typical unrestricted LLM tools, describes how they are abused in the crypto industry, and discusses the resulting security challenges and possible responses.

How do unrestricted LLMs cause harm?

Tasks that once required specialist skills, such as writing malicious code, crafting phishing emails, and planning fraud, can now be carried out by ordinary people with no programming experience, aided by unrestricted LLMs. An attacker only needs the weights and source code of an open-source model, then fine-tunes it on a dataset of malicious content, biased speech, or illegal instructions to create a customized attack tool.

This pattern creates several risks. Attackers can tailor a model to a specific target to generate more deceptive content, bypassing the content moderation and safety restrictions of conventional LLMs. The same model can churn out code variants for phishing websites or produce fraudulent copy customized for different social platforms. Meanwhile, the availability and modifiability of open-source models continue to feed an underground AI ecosystem, providing a breeding ground for illicit trade and development. The following is a brief overview of these unrestricted LLMs:

WormGPT: The black-hat version of GPT

WormGPT is a malicious LLM sold openly on underground forums. Its developers explicitly advertise it as having no moral restrictions, a black-hat counterpart to the GPT models. Built on open-source models such as GPT-J 6B and trained on a large corpus of malware-related data, it is available for as little as $189 for a one-month license. WormGPT's most notorious use is generating highly realistic and persuasive business email compromise (BEC) and phishing emails. Typical abuses in crypto scenarios include:

  • Generating phishing emails/messages: imitating cryptocurrency exchanges, wallets, or well-known projects to send "account verification" requests that induce users to click malicious links or disclose private keys/mnemonic phrases;

  • Writing malicious code: helping attackers with limited technical skills write malware that steals wallet files, monitors the clipboard, logs keystrokes, and so on;

  • Driving automated scams: automatically replying to potential victims and steering them toward fake airdrops or investment schemes.

DarkBERT: A double-edged sword for dark web content

DarkBERT is a language model developed by researchers at the Korea Advanced Institute of Science and Technology (KAIST) in collaboration with S2W Inc. It is pre-trained on dark web data (forums, black markets, leaked materials) and was intended to help cybersecurity researchers and law enforcement agencies better understand the dark web ecosystem, track illegal activities, identify potential threats, and gather threat intelligence.

Although DarkBERT was built with good intentions, the sensitive dark web knowledge it encapsulates, including data, attack methods, and illegal trading strategies, could fall into the hands of malicious actors, or comparable techniques could be used to train unrestricted models of their own. Potential abuses in crypto scenarios include:

  • Carrying out targeted fraud: gathering information on crypto users and project teams for social engineering scams;

  • Copying criminal tactics: replicating proven coin-theft and money-laundering strategies circulating on the dark web.

FraudGPT: The Swiss Army Knife of Online Fraud

FraudGPT claims to be an upgraded version of WormGPT with a broader feature set. It is sold mainly on the dark web and hacker forums, with monthly fees ranging from US$200 to US$1,700. Typical abuses in crypto scenarios include:

  • Fake crypto projects: generating counterfeit white papers, official websites, roadmaps, and marketing materials for fraudulent ICOs/IDOs;

  • Batch-generated phishing pages: quickly creating login pages or wallet-connection interfaces that imitate well-known cryptocurrency exchanges;

  • Social media astroturfing: producing fake reviews and promotional content at scale to push scam tokens or discredit competing projects;

  • Social engineering attacks: the chatbot can mimic human conversation to build trust with unsuspecting users, tricking them into revealing sensitive information or taking harmful actions.

GhostGPT: An AI assistant without moral constraints

GhostGPT is an AI chatbot explicitly marketed as having no ethical restrictions. Typical abuses in crypto scenarios include:

  • Advanced phishing attacks: generating highly convincing phishing emails that impersonate mainstream exchanges with fake KYC verification requests, security alerts, or account-freeze notices;

  • Malicious smart contract generation: attackers with no programming knowledge can use GhostGPT to quickly produce smart contracts containing hidden backdoors or fraudulent logic for rug pull scams or attacks on DeFi protocols (a defensive scanning sketch follows this list);

  • Polymorphic cryptocurrency stealers: generating malware that continuously mutates as it steals wallet files, private keys, and mnemonic phrases; the polymorphism makes it hard for traditional signature-based security software to detect;

  • Social engineering attacks: combined with AI-generated scripts, attackers can deploy bots on platforms such as Discord and Telegram to lure users into fake NFT mints, airdrops, or investment schemes;

  • Deepfake scams: in conjunction with other AI tools, GhostGPT can be used to generate faked voices of crypto project founders, investors, or exchange executives for phone scams or business email compromise (BEC) attacks.
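
The backdoored-contract risk above is also where automated screening can help defenders. Below is a minimal, hedged sketch in Python that flags Solidity source code containing patterns commonly associated with rug pulls (owner-only minting, transfer blocklists, arbitrary delegatecall, and so on). The pattern list, weights, and file name are illustrative assumptions; such heuristics produce both false positives and false negatives and are no substitute for a professional audit.

```python
# Minimal heuristic scan of Solidity source for patterns often associated with
# hidden backdoors or rug pull logic. The pattern names and rules below are
# illustrative assumptions, not an exhaustive or authoritative detection set.
import re
import sys

SUSPICIOUS_PATTERNS = {
    "owner_can_mint": r"function\s+mint\s*\([^)]*\)\s+[^{]*onlyOwner",
    "transfer_blocklist": r"(blacklist|blocklist|isBot)\s*\[",
    "owner_set_fee": r"function\s+set\w*[Ff]ee\s*\([^)]*\)\s+[^{]*onlyOwner",
    "self_destruct": r"\bselfdestruct\s*\(",
    "arbitrary_delegatecall": r"\.delegatecall\s*\(",
    "owner_withdraw_all": r"function\s+\w*withdraw\w*\s*\([^)]*\)\s+[^{]*onlyOwner",
}

def scan_solidity(source: str) -> list[str]:
    """Return the names of suspicious patterns found in a Solidity source string."""
    return [name for name, pattern in SUSPICIOUS_PATTERNS.items()
            if re.search(pattern, source)]

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "Token.sol"  # hypothetical file name
    with open(path, encoding="utf-8") as f:
        hits = scan_solidity(f.read())
    if hits:
        print("Review recommended, suspicious patterns found:", ", ".join(hits))
    else:
        print("No flagged patterns (this does NOT mean the contract is safe).")
```

Keeping the rules as plain regular expressions makes them easy to extend as new scam patterns are documented, and the output can feed into a manual review queue rather than an automatic verdict.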

Venice.ai: Potential risks of uncensored access

Venice.ai provides access to a variety of LLMs, including models with minimal censorship or loose restrictions. It positions itself as an open gateway for users to explore the capabilities of different LLMs, offering advanced, accurate, and uncensored models for a truly unrestricted AI experience, but that same openness can be exploited by criminals to generate malicious content. Risks associated with the platform include:

  • Bypassing censorship to generate malicious content: attackers can use the platform's less restricted models to produce phishing templates, false propaganda, or attack ideas;

  • Lowering the bar for prompt engineering: even attackers without advanced "jailbreak" prompting skills can easily obtain output that would normally be restricted;

  • Accelerating attack-script iteration: attackers can use the platform to quickly test how different models respond to malicious instructions, refining fraud scripts and attack methods.

Final thoughts

The emergence of unrestricted LLMs marks a new attack paradigm for cybersecurity, one that is more complex, more scalable, and more automated. These models not only lower the barrier to attack but also introduce threats that are stealthier and more deceptive.

In this escalating contest between offense and defense, the security ecosystem can only keep pace through coordinated effort. On one hand, investment in detection technology must increase, with tools able to identify and intercept phishing content, smart contract exploits, and malicious code generated by malicious LLMs. On the other hand, models need stronger anti-jailbreak capabilities, and watermarking and traceability mechanisms should be explored so that malicious content can be traced to its source in critical scenarios such as finance and code generation. Finally, sound ethical norms and regulatory frameworks are needed to constrain the development and abuse of malicious models at the root.
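
On the detection side, even simple heuristics can catch a large share of the templated phishing copy these models produce. The sketch below is a hedged illustration rather than a production system: it scores messages against a few crypto-phishing signals (requests for seed phrases, urgency language, fake verification prompts, lookalike domains). All keyword lists, weights, and the threshold are assumptions to be tuned against labeled data, and in practice such rules would complement ML classifiers, URL reputation checks, and sender authentication.

```python
# A minimal sketch of the "identify and intercept phishing content" idea above:
# a rule-based screener that scores incoming messages for common crypto-phishing
# signals. Keyword lists, weights, and the threshold are illustrative assumptions.
import re

# Signals that frequently appear in exchange/wallet impersonation messages.
SIGNALS = {
    "asks_for_secret": (r"(seed phrase|mnemonic|private key|recovery phrase)", 5),
    "urgency": (r"(within 24 hours|immediately|account (will be )?(frozen|suspended))", 2),
    "verification_bait": (r"(verify your (account|identity|wallet)|kyc verification)", 2),
    "wallet_connect_bait": (r"(connect your wallet|validate your wallet)", 3),
    "suspicious_link": (r"https?://[^\s]*(-|\d)[^\s]*\.(top|xyz|icu|click)", 3),
}
FLAG_THRESHOLD = 5  # assumed cut-off; tune against real labeled data

def score_message(text: str) -> tuple[int, list[str]]:
    """Return a risk score and the names of matched signals for one message."""
    lowered = text.lower()
    score, matched = 0, []
    for name, (pattern, weight) in SIGNALS.items():
        if re.search(pattern, lowered):
            score += weight
            matched.append(name)
    return score, matched

if __name__ == "__main__":
    # Hypothetical example message, not taken from a real campaign.
    sample = ("Your account will be frozen within 24 hours. "
              "Please verify your wallet and confirm your seed phrase here: "
              "https://exchange-support1.xyz/verify")
    score, reasons = score_message(sample)
    verdict = "FLAG for review" if score >= FLAG_THRESHOLD else "allow"
    print(f"score={score} verdict={verdict} signals={reasons}")
```

Exchanges and wallet providers could run this kind of screening on support-channel messages and in-app notifications before they reach users, with flagged samples feeding back into model-based detectors over time.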