Background
From OpenAI's GPT series to Google's Gemini, and various open-source models, advanced artificial intelligence is profoundly reshaping our work and lifestyle. However, as technology develops rapidly, a worrying dark side is gradually emerging - the appearance of unrestricted or malicious large language models.
So-called unrestricted LLMs refer to language models that are deliberately designed, modified, or "jailbroken" to circumvent the safety mechanisms and ethical restrictions built into mainstream models. Mainstream LLM developers typically invest significant resources to prevent their models from being used to generate hate speech, false information, malicious code, or provide instructions for illegal activities. However, in recent years, some individuals or organizations have begun seeking or developing unrestricted models for motivations such as cybercrime. In light of this, this article will inventory typical unrestricted LLM tools, introduce their abuse methods in the crypto industry, and explore related security challenges and countermeasures.
How Do Unrestricted LLMs Commit Malicious Acts?
Tasks that previously required professional technical skills, such as writing malicious code, creating phishing emails, and planning scams, can now be easily handled by ordinary people with no programming experience under the assistance of unrestricted LLMs. Attackers only need to obtain the weights and source code of open-source models, and then fine-tune them on datasets containing malicious content, biased speech, or illegal instructions to create customized attack tools.
This pattern creates several risks: attackers can "modify" models for specific targets to generate more deceptive content, thereby bypassing the content review and safety restrictions of conventional LLMs; models can also be used to quickly generate code variants for phishing websites or to tailor scam scripts for different social platforms; meanwhile, the accessibility and modifiability of open-source models continue to foster the formation and spread of an underground AI ecosystem, providing a breeding ground for illegal trading and development.
WormGPT: The Black Version of GPT
WormGPT is a malicious LLM publicly sold on underground forums, with its developers explicitly stating that it has no moral restrictions and is the black version of GPT models. It is based on open-source models like GPT-J 6B and trained on massive data related to malware. Users can obtain one month of access for as low as $189. WormGPT is most notorious for generating highly realistic and convincing Business Email Compromise (BEC) attack emails and phishing emails. Its typical abuse methods in crypto scenarios include:
Generating phishing emails/messages: Impersonating cryptocurrency exchanges, wallets, or well-known project teams to send "account verification" requests to users, inducing them to click malicious links or disclose private keys/seed phrases.
Writing malicious code: Assisting attackers with low technical skills in writing malicious code for stealing wallet files, monitoring clipboards, recording keystrokes, etc.
Driving automated scams: Automatically responding to potential victims, guiding them to participate in false airdrops or investment projects.


DarkBERT: A Double-Edged Sword for Dark Web Content
DarkBERT is a language model developed collaboratively by researchers from the Korea Advanced Institute of Science and Technology (KAIST) and S2W Inc., specifically pre-trained on Dark Web data (such as forums, black markets, leaked materials), with the original intention of helping cybersecurity researchers and law enforcement better understand the Dark Web ecosystem, track illegal activities, identify potential threats, and obtain threat intelligence.
Although DarkBERT was designed with positive intentions, the sensitive knowledge it holds about Dark Web data, attack methods, and illegal trading strategies could have unimaginable consequences if obtained by malicious actors or if similar technologies are used to train unrestricted large models. Its potential abuse methods in crypto scenarios include:
Implementing precise scams: Collecting information about crypto users and project teams for social engineering fraud.
Mimicking criminal methods: Replicating mature strategies for stealing coins and money laundering from the Dark Web.
FraudGPT: The Swiss Army Knife of Cyber Fraud
FraudGPT claims to be an upgraded version of WormGPT, with more comprehensive functions, primarily sold on the Dark Web and hacker forums, with monthly fees ranging from $200 to $1,700. Its typical abuse methods in crypto scenarios include:
Forging crypto projects: Generating highly realistic white papers, websites, roadmaps, and marketing copy to implement false ICO/IDO.
Batch generating phishing pages: Quickly creating login pages mimicking well-known cryptocurrency exchanges or wallet connection interfaces.
Social media trolling activities: Massively manufacturing false comments and propaganda to boost scam tokens or discredit competing projects.
Social engineering attacks: This chatbot can simulate human conversations, establish trust with unsuspecting users, and induce them to inadvertently disclose sensitive information or perform harmful operations.
GhostGPT: An AI Assistant Without Moral Constraints
GhostGPT is an AI chatbot explicitly positioned without moral restrictions. Its typical abuse methods in crypto scenarios include:
Advanced phishing attacks: Generating highly realistic phishing emails impersonating mainstream exchanges to issue false KYC verification requests, security alerts, or account freezing notifications.
Malicious smart contract code generation: Attackers with no programming background can use GhostGPT to quickly generate smart contracts with hidden backdoors or fraudulent logic for Rug Pull scams or attacks on DeFi protocols.
Polymorphic cryptocurrency stealer: Generating malware with continuous morphing capabilities to steal wallet files, private keys, and seed phrases. Its polymorphic nature makes it difficult for traditional signature-based security software to detect.
Social engineering attacks: Combined with AI-generated scripted dialogue, attackers can deploy bots on Discord, Telegram, and other platforms to induce users to participate in false Non-Fungible Token minting, airdrops, or investment projects.
Deep fake fraud: In conjunction with other AI tools, GhostGPT can be used to generate forged voices of crypto project founders, investors, or exchange executives to conduct phone scams or Business Email Compromise attacks.
Venice.ai: Potential Risks of Uncensored Access
Venice.ai provides access to multiple LLMs, including some with less censorship or looser restrictions. It positions itself as an open portal for users to explore various LLM capabilities, offering the most advanced, accurate, and uncensored models to achieve a truly unrestricted AI experience, but it could also be used by criminals to generate malicious content. The platform's risks include:
Bypassing censorship to generate malicious content: Attackers can use models with fewer restrictions on the platform to generate phishing templates, false propaganda, or attack strategies.
Lowering the threshold for prompt engineering: Even attackers without advanced "jailbreaking" prompt techniques can easily obtain originally restricted outputs.
Accelerating attack script iteration: Attackers can use the platform to quickly test different models' responses to malicious instructions, optimizing fraud scripts and attack methods.
In Conclusion
The emergence of unrestricted Large Language Models (LLMs) marks a new paradigm of cyberattacks that are more complex, scalable, and automated. Such models not only lower the threshold for attacks but also bring about more covert and deceptive new threats.
In this ongoing game of attack and defense, the only way for the various parties in the security ecosystem to cope with future risks is through collaborative effort. First, investment in detection technologies needs to increase, developing methods to identify and intercept phishing content, smart contract vulnerability exploits, and malicious code generated by malicious LLMs. Second, efforts should be made to enhance models' anti-jailbreak capabilities and to explore watermarking and traceability mechanisms that can track the source of malicious content in critical scenarios such as finance and code generation. Finally, robust ethical guidelines and regulatory mechanisms need to be established to fundamentally restrict the development and abuse of malicious models.


