The FBI started its investigation into VerifTools, an illegal template and document generator, back in August 2022.
They found two fully functioning marketplaces and a blog, seizing more than $6.4 million in illicit funds. The fake documents fueled criminals worldwide and getting a document only required a few coins sent between crypto wallets.
It turns out that getting a fake document, even an ID for all 50 U.S. states, is always going to be as easy as it is to find and access a template farm on the open web.
But killing these farms is not nearly as simple.
I always say: Template farms are unkillable.
The FBI ended its investigation in August 2025, effectively seizing VerifTool’s two domains and, decidedly halting this farmer’s operations.
Except it didn’t. VerifTools still lives…
VerifTools: The generator
VerifT is something we call “the Generator” type template farm.
Why “generator?”
Most farms work like standard online shops: you simply add templates to a cart, process the transaction, and obtain the files for later editing. But your mileage may vary widely in terms of outcome (depending on your personal editing skills).
Generators solve the editing bit for you: select a template, input the data, and generate a high-quality, ready-made document.
More than that, this approach also enables “batch generation” of multiple documents based on an existing database of leaked, stolen, or synthesized identities. This feature is especially dangerous in the hands of organized crime groups, who rely on it to create massive numbers of fake documents to test the onboarding controls of financial institutions.
The most infamous “generator” template farm we have come across so far is the OnlyFake platform, the template generator that caused a moral panic on social media in early 2024. OnlyFake wasn’t just a pioneer for its generations, it offered those batch generations we described above, making it a favorite among criminal sydicates.
VerifTools also provided this feature (via API or as an Excel macro) as well as a tutorial on how to operationalize it.
The way batch generation works on VerifTools is actually quite fascinating (or terrifying). Here’s a brief aside about it from one of our threat intelligence experts, Tomas Formanek:
“To streamline everything, VerifTools offers its own purpose-built API: a neat gateway for bulk submissions and downloads of freshly generated documents. With a few lines of Python, you can fire off a batch request and have a stack of ready-made fakes waiting for you moments later. It’s the modern way to stitch document generation directly into a larger workflow.
But they didn’t stop there. For those who don’t speak Python but can navigate Excel blindfolded, the Verif Tools also provides a macro-enabled spreadsheet. Enter your data in tabular form, click a button, and out come the documents. Because if fraudsters have learned anything, it’s this: everyone knows Excel.”
So how did VerifTools get its start?
A brief history of VerifTools
To our knowledge, the original domain VerifTools started with was “verif.tools”. This domain was registered in February 2021, right in the middle of a global pandemic that significantly increased the demand for all kinds of fake documentation.
Publicly available information on the original "verif.tools" domain, showing its creation in February 2021
The first capture of the website from June 2021 shows a user interface that remained mostly unchanged over the next few years of its existence: a left panel with several document categories and a quick introduction on what the platform is and how to use its generative capabilities.
The first available capture of the "verif.tools" website from June 2021
Ironically, the introduction claimed that VerifTools is “an online tool for quickly editing image layouts… We have collected together the most popular templates for letterheads, business cards, postcards, mockups…use them right now from any device”.
But you don’t see “business cards” or “postcards” in the document type selection panel. There’s passports, driver’s licenses, ID cards, barcodes… Hardly the “generic” templates you don’t need for a specific, and likely illegal, use case.
ID documents clearly were the original focus of VerifTools. The farm’s catalog is richest when it comes to passports, drivers licenses, or national IDs. But they have around 250 templates available, offering documents from high-profile issuers such as bank statements, utility bills, residential permits, green cards, credit cards, and more.
VerifTools also added a country list, offering documents for 69 countries across all continents, with a clear focus on larger first world nations like the USA, UK, China, Canada, Australia and other “popular” jurisdictions.
Compared to other template farms, VerifTools’ offering is much smaller in scope but is likely compensated by:
- The focus on popular countries and documents.
- Providing high quality with different image variations (photo, scan, print).
After generating, the quality is obvious. The documents have decent resolution, and users have several options and varieties when it comes to “personalizing” their orders (backgrounds, signatures etc.).
Production-wise, VerifTools leans into “no technical expertise required” rhetoric. That appears to be genuine as customers only need to fill out pre-defined fields or select from existing layouts and visual style options.
You can generate documents with VerifTools in three steps:
- Input of personal details (name, address).
- Input of numerical fields and special details (DOB, IBAN, BIC, SSN, date of issue, date of expiry, codes, cheque numbers, etc.).
- Selection of image type (photo, scan, print), image background, singatures, and other additional features.
Screenshots showing steps of generating document images using VerifTools. Screenshots were redacted for opsec reasons
The barriers to entry are also surprisingly minimal. VerifTools does require its customers to “sign up.” To process orders you have to top-up a wallet embedded into the platform. This is easily done via crypto, and both topping up and purchasing is handled almost instantaneously. Then it’s smooth sailing.
Tutorials, referrals and the “revolution in the KYC landscape”
As we’ve said before, template farmers love to offer their audience and customers content that establishes their expertise in the field of document forgery. Blog articles, tutorials or manuals are all relevant.
VerifTools operators have clearly put ample effort into building up some of that kind of content as well, with some of their articles including advice on:
- How to make a signature.
- How to print and make a selfie.
- How to remove the traces of Photoshop and clean metadata.
- How to create fake passports, utility bills, drivers licenses or IDs (ideally using the VerifT platform, of course).
Unsurprisingly, the articles usually don’t go into too much detail, but essentially function as content marketing, SEO, and advertisements for the platform.
Ironically, one of the articles at VerifTools’ blog titled “VerifTools is Revolution in the KYC landscape” even claims that the platform is a:
“Groundbreaking service that has emerged as a game-changer in the fight against document [because] the emergence and proliferation of VerifTools underscores the urgent need for proactive measures to address the evolving challenges of document fraud in the digital age.”
A screenshot of the VerifT’ blog article on
"the revolution in the KYC landscape"
In translation: we’re making great fake documents available cheaply for everyone, and business and regulators therefore must react. What twisted logic — but we really shouldn’t expect anything else from these template farming criminals at this point.
And it’s not just SEO blogs when it comes to spreading the word about VerifTools.
In one of their CTAs, the platform announces the release of a “long-awaited referral system,” inviting its customers to promote and advertise as “surely you have many partners, friends, or acquaintances who would be very useful to our site.”
Like any standard referral program, VerifTools provides a personal link to each registrant that can be disseminated to new prospects. If they sign up, a decent percentage of each of their purchases will now be also directed to the account who invited the prospects to register.
Affiliate marketing, pyramid scheming at its finest. This likely contributed significantly to VerifTools’ traffic increase over time, and how it came to be one of the most popular template farms we’ve ever seen.
So how many visitors does VerifTools attract on a regular basis, especially in the last few years before the FBI crackdown?
VerifTools web traffic metrics
Traffic-wise, VerifTools started out as a fairly average template farm in its first 2 years, recording lower thousands of unique visitors each month.
Things shifted dramatically at the beginning of 2023. Viewership jumped to 80k unique visitors in January of that year and continued to surge throughout 2023 to over 285k monthly unique visitors in February 2024.
These are not numbers to be taken lightly. Most farms we know about never get over the 30k unique monthly visitors threshold, putting VerifTools among the top visited template farms out there.
In August 2024, traffic started decreasing dramatically, and went down to about 10k unique visitors in June 2025. This could be because of backup domains. Farmers create and register backup domains over time to make themselves harder to eliminate.
VerifTools potentially directed its audience to other domains to diversify the traffic and prepare other sites for its customer base in case of being targeted by law enforcement.
Monthly Unique Visitors of the original “verif.tools”
website since its launch
The traffic for the original domain never picked up again, and in the summer of this year, the law enforcement seizure finally happened (and was announced publicly).
The FBI crackdown
At the end of August 2025, the U.S. Attorney’s Office for the District of New Mexico published a press release announcing the seizure of “two marketplace domains and one blog used to sell fraudulent identity documents to cybercriminals worldwide”.
The Justice Department collaborated closely with investigators and prosecutors from multiple jurisdictions in this investigation, including the District of New Mexico, Eastern District of Virginia, the Dutch National Police and the Netherlands Public Prosecution Service.
The domains seized were likely the original “verif.tools” domain and the “veriftools.net” which was registered in July 2024.
We have also noticed that law enforcement took down “veriftools.org” and potentially other different TLDs tied to the “veriftools” domain name.
It also took down “veriftools.pics” and “veriftools.com.”
The release also explained how the FBI caught on to VerifTools:
“The Federal Bureau of Investigation (FBI) began investigating in August 2022 after discovering a conspiracy to use stolen identity information to access cryptocurrency accounts… The investigation revealed that VerifTools offered counterfeit identification documents for all 50 U.S. states and multiple foreign countries for as little as nine dollars, payable in cryptocurrency.”
The FBI press release on VerifTools published in August 2025
The story made headlines in several cybersecurity or financial crime focused media, and it all sounds like a job well-done, doesn’t it? VerifTools was “taken down.” Servers were seized, and law enforcement officials can publicize the quotes about battling online crime. The internet is “not being a refuge for criminals” and “the removal of this marketplace is a major step in protecting the public from fraud and identity theft crime.”
Honestly, I wish all that were true. There would be one less major template farm spewing fake documents across the globe.
But the truth is always more complex.
While two websites have been taken down and some servers were seized… VerifTools is very much alive and kicking.
VerifTools: Rise from the dead
Even on the same day that US law enforcement published its press release, VerifTools admin, a man named “Martin,” was already communicating the launch of a new domain on an updated and dedicated Telegram channel.
A Telegram message announcing the relaunch of VerifTools
Several media outlets were quick to point out that VerifTools relaunched on different domains right after the news of the FBI crackdown. But none provided a complete list or mapping of the new domains, and none had the benefit of looking at this 6 months after the initial FBI news.
But we did. There might be many more domain names registered that we don’t even know about yet, but so far, we have recorded the following, functional domains:
- veriftools.eth
- veriftools.blog
- veriftools.cc
- veriftools.cv
- veriftools.fan
- veriftools.fans
- veriftools.homes
- veriftools.life
- veriftools.pro
- veriftools.tools
Checking the domain registration data, all of the domains listed above were created/registered in October 2025. This indicated two things: they were all likely started by the same group (i.e. the original VerifTools admins) and that this was a clear reaction to the original site takedown that happened this summer.
Traffic-wise, these domains currently receive around 80k unique monthly visitors already. While not reaching the peak traffic the original domain registered during 2024, it seems that VerifTools succeeded in retaining a significant portion of its traffic base in just a few months, likely compiled of the most loyal customers, and that its new domains are being effectively communicated via Telegram or other channels.
It’s also important to note that this list could be a lot larger than we think with even higher overall traffic. If you consider the number of possible variations when it comes to TLDs, there can be as much as 1,400 different domains set up for “veriftools” just by changing the TLD.
At the same time, we have already come across similar domains such as “verriftools.com.” This is an example of a domain that’s potentially acting as a parasite, trying to steal some of VF’s visibility without providing any document templates whatsoever. No honor among thieves (or should we say, scammers) here.
But what is the main lesson?
The list of domains above clearly shows that battling template farms resembles, as we like to say, a game of whack-a-mole. You might whack one or two moles (or three or ten, for that matter), but you can be almost sure more will pop up (or have already been waiting “in stock”).
To put it a different way: this battle cannot be won by taking down the template domains, as you can never take them all down realistically.
These farms are unkillable…
And that brings us to the final point on farm unkillability and the indispensability of advanced document forensics tools.
The battle against sophisticated threats like template farms, account farms, or even AI-generated content cannot (and will not) be won by thinking we can completely eradicate these threats.
As we’ve seen with this example, template farms will continue to exist, and it would take serious cross-border law enforcement collaboration to take down even one of these organized farming groups. And by the time you have, it's almost guaranteed (like the unkillable Hydra) that two or three more will take their place.
That being said, we can fight these threats on the frontlines, i.e. when these “products” (whether it’s fake documents or fake accounts) are being used to commit financial crime.
By continuously developing our detection mechanisms, and staying ahead of fraudsters who obviously iterate and try to improve themselves, we can significantly contribute to fighting and preventing fraud and other financial crimes worldwide.
Not that law enforcement doesn’t matter, or that we wouldn’t like to see it orchestrate online-crime-fighting operations like the one described here. But we can’t and won’t rely on it.
The next time someone asks me why template farms aren’t being taken down, I’ll have a different answer.
They are being taken down. But they are also unkillable.
And the key to vanquishing this dragon is not about cutting off its head(s). It’s about making sure its fire can’t hurt us.
Making sure we’re Resistant to it.
Does Resistant AI detect VerifTools?
We’ve tested one of the currently functional VerifTools domains extensively.
It seems to be working exactly the same as it used to before, and we were able to generate numerous documents easily and within minutes.
What’s the good news then?
VerifTools’ “products“ may be of decent quality, can be obtained in several variations, and the farmers themselves appear to provide expertise on how to strip their images of metadata or other traces of tampering.
But we pride ourselves on going deeper.
To that degree, we’ve run many generated images of documents through our Resistant Documents tool. Whether these were IDs, bank statements, or utility bills, all were flagged properly as high-risk submissions that should not be allowed to pass in adequately set up KYC, KYB or onboarding processes.
A detection screenshot of a document image generated with VerifT. Screenshot was redacted for opsec reasons.
Scroll down to book a demo to learn more.
