Background
From OpenAI's GPT series to Google's Gemini and various open-source models, advanced artificial intelligence is profoundly reshaping how we work and live. However, as the technology develops rapidly, a worrying dark side is emerging: unrestricted or malicious large language models (LLMs).
So-called unrestricted LLMs are language models that are deliberately designed, modified, or "jailbroken" to bypass the safety mechanisms and ethical restrictions built into mainstream models. Mainstream LLM developers typically invest significant resources to prevent their models from being used to generate hate speech, false information, or malicious code, or to provide instructions for illegal activities. However, in recent years, some individuals and organizations have begun seeking out or developing unrestricted models for purposes such as cybercrime. This article reviews typical unrestricted LLM tools, describes how they are abused in the crypto industry, and explores the related security challenges and countermeasures.
How Do Unrestricted LLMs Commit Malicious Acts?
Tasks that previously required professional technical skills, such as writing malicious code, creating phishing emails, and planning scams, can now be easily accomplished by ordinary people with no programming experience, aided by unrestricted LLMs. Attackers only need to obtain the weights and source code of open-source models, and then fine-tune them on datasets containing malicious content, biased speech, or illegal instructions to create customized attack tools.
This pattern creates several risks. Attackers can tailor models to specific targets to generate more deceptive content, bypassing the content review and safety restrictions of conventional LLMs. Models can also be used to quickly generate code variants for phishing websites or to tailor scam scripts to different social platforms. Meanwhile, the accessibility and modifiability of open-source models continue to foster an underground AI ecosystem, providing a breeding ground for illegal trading and development. Here is a brief introduction to such unrestricted LLMs:
WormGPT: The Black Version of GPT
WormGPT is a malicious LLM sold openly on underground forums. Its developers explicitly state that it has no moral restrictions and is the black version of GPT models. It is based on open-source models like GPT-J 6B and trained on a large volume of malware-related data. Users can obtain one month of access for as little as $189. WormGPT is most notorious for generating highly realistic and convincing Business Email Compromise (BEC) emails and phishing emails. Its typical abuse methods in crypto scenarios include:
Generating phishing emails/messages: Impersonating crypto exchanges, wallets, or well-known projects to send "account verification" requests to users, inducing them to click malicious links or reveal private keys/seed phrases.
Writing malicious code: Assisting low-technical-level attackers in writing malicious code for stealing wallet files, monitoring clipboards, recording keystrokes, etc.
Driving automated scams: Automatically replying to potential victims, guiding them to participate in false airdrops or investment projects.
DarkBERT: A Double-Edged Sword for Dark Web Content
DarkBERT is a language model developed collaboratively by researchers from the Korea Advanced Institute of Science and Technology (KAIST) and S2W Inc., specifically pre-trained on Dark Web data (such as forums, black markets, leaked materials), with the original intention of helping cybersecurity researchers and law enforcement better understand the Dark Web ecosystem, track illegal activities, identify potential threats, and obtain threat intelligence.
Although DarkBERT was designed with positive intentions, the sensitive knowledge it holds about Dark Web data, attack methods, and illegal trading strategies could have unimaginable consequences if it were obtained by malicious actors, or if similar techniques were used to train unrestricted large models. Its potential abuse methods in crypto scenarios include:
Implementing precise scams: Collecting information about crypto users and project teams for social engineering fraud.
Mimicking criminal methods: Replicating mature strategies for stealing coins and money laundering from the Dark Web.
FraudGPT: The Swiss Army Knife of Cyber Fraud
FraudGPT claims to be an upgraded version of WormGPT with more comprehensive functions, primarily sold on the Dark Web and hacker forums, with monthly fees ranging from $200 to $1,700. Its typical abuse methods in crypto scenarios include:
Forging crypto projects: Generating highly realistic whitepapers, websites, roadmaps, and marketing content for fake ICOs/IDOs.
Batch generating phishing pages: Quickly creating login pages mimicking famous crypto exchanges or wallet connection interfaces.
Social media trolling activities: Mass-producing fake comments and propaganda to boost scam tokens or discredit competing projects.
Social engineering attacks: This chatbot can simulate human conversations, establishing trust with unsuspecting users and inducing them to inadvertently reveal sensitive information or perform harmful operations.
GhostGPT: An AI Assistant Without Moral Constraints
GhostGPT is an AI chatbot explicitly positioned without moral restrictions. Its typical abuse methods in crypto scenarios include:
Advanced phishing attacks: Generating highly realistic phishing emails that impersonate mainstream exchanges to issue false KYC verification requests, security alerts, or account freezing notifications.
Malicious smart contract code generation: Attackers with no programming background can use GhostGPT to quickly generate smart contracts with hidden backdoors or fraudulent logic for Rug Pull scams or attacks on DeFi protocols.
Polymorphic cryptocurrency stealer: Generating malware with continuous morphing capabilities to steal wallet files, private keys, and seed phrases. Its polymorphic nature makes it difficult for traditional signature-based security software to detect.
Social engineering attacks: By combining AI-generated script narratives, attackers can deploy bots on Discord, Telegram, and other platforms to induce users to participate in false NFT minting, airdrops, or investment projects.
Deepfake fraud: In conjunction with other AI tools, GhostGPT can be used to generate forged voices of crypto project founders, investors, or exchange executives to conduct phone scams or Business Email Compromise (BEC) attacks.
Venice.ai: Potential Risks of Uncensored Access
Venice.ai provides access to multiple LLMs, including some with less censorship or looser restrictions. It positions itself as an open portal for users to explore various LLM capabilities, offering the most advanced, accurate, and uncensored models to achieve a truly unrestricted AI experience, but it could also be used by criminals to generate malicious content. The platform's risks include:
Bypassing censorship to generate malicious content: Attackers can use models with fewer restrictions on the platform to generate phishing templates, false propaganda, or attack strategies.
Lowering the threshold for prompt engineering: Even attackers without advanced "jailbreaking" prompt techniques can easily obtain originally restricted outputs.
Accelerating attack narrative iteration: Attackers can use the platform to quickly test different models' responses to malicious instructions, optimizing fraud scripts and attack methods.
In Conclusion
The emergence of unrestricted LLMs marks a new paradigm of cyber attacks that are more complex, scalable, and automated. These models not only lower the attack threshold but also introduce new threats that are more covert and more deceptive.
In this ongoing game of attack and defense, the security ecosystem can only address future risks through collaborative efforts. First, investment in detection technologies needs to increase, developing methods to identify and intercept phishing content, smart contract vulnerability exploits, and malicious code generated by malicious LLMs. Second, efforts should be made to enhance model jailbreak prevention capabilities and to explore watermarking and traceability mechanisms that track the sources of malicious content in critical scenarios such as finance and code generation. Finally, robust ethical guidelines and regulatory mechanisms need to be established to fundamentally restrict the development and misuse of malicious models.
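As an illustration of the detection work called for above, the following added example (not part of the original article) scores an inbound email or chat message for the pattern described in the tool sections: the message names a crypto brand, links to a domain that brand does not own, and asks for a seed phrase or private key. The brand names, domains, weights, and threshold are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist: brand keyword -> domains the brand really owns.
BRAND_DOMAINS = {"examplex": {"examplex.example"},
                 "safewallet": {"safewallet.example"}}
SECRET_RE = re.compile(r"\b(seed phrase|recovery phrase|private key)\b", re.I)
LURE_RE = re.compile(
    r"\b(kyc|security alert|airdrop|account (?:has been )?(?:frozen|suspended))\b",
    re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
THRESHOLD = 4  # assumed cut-off; tune against your own mail and chat traffic


def registrable(host):
    """Naive eTLD+1 (last two labels); use a public-suffix list in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def score_message(text):
    """Return (score, reasons) for one inbound email or chat message."""
    hits = []
    lowered = text.lower()
    brands = [b for b in BRAND_DOMAINS if b in lowered]
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        for brand in brands:
            # Brand is named, but the link leaves the brand's own domains.
            if registrable(host) not in BRAND_DOMAINS[brand]:
                hits.append((3, f"names {brand} but links to {host}"))
    if SECRET_RE.search(text):
        hits.append((3, "asks for a wallet secret"))
    if LURE_RE.search(text):
        hits.append((1, "uses a KYC/alert/freeze/airdrop lure"))
    return sum(w for w, _ in hits), [r for _, r in hits]


# Constructed sample messages, not real traffic.
SAMPLES = [
    "ExampleX Security Alert: your account has been frozen. Complete KYC at "
    "https://examplex-verify.example/kyc and confirm your seed phrase.",
    "ExampleX: scheduled maintenance this Sunday. Status updates at "
    "https://status.examplex.example/",
    "Reminder: ExampleX will never ask for your seed phrase.",
    "Free airdrop for SafeWallet holders! Connect your wallet at "
    "https://safewallet.example.claim-drop.example/connect",
]


def triage(messages):
    """Indexes of messages whose score reaches THRESHOLD."""
    return [i for i, m in enumerate(messages) if score_message(m)[0] >= THRESHOLD]
```

The third sample, a legitimate warning that mentions seed phrases, stays below the threshold because no single signal is enough; the combination of brand mismatch, secret request, and lure is what gets a message flagged.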





