I really hate KYC. I have to effectively give my id docs and pics to strangers and I might find it in the dark web anyday. The only answer I have found to this is introducing a watermark, barely visible or sometimes clearly visible, indicating the ICO and date. If it leaks, at least it could be determined from where.
Well but normally doing that is not authorized by the websites that request KYC verification, so you will still be giving away your ID, and you probably wont even get verified. I hate doing KYC as well, I think we all do, at least if we value our privacy. I don't even know if it's an effective way of preventing money laundry and criminal activity, because like you said, people can probably buy leaked documents on the dark web, and they might be able to use them.
Some sites request that you take a picture with a webcam or some other device, and this is better than just sending an image file, and sometimes they even require a selfie. Although this looks even more invasive, I think it's better because it should at least be more effective, and if all sites ask this, I guess selling ID files on the dark web would become useless.
Anyway, you should really only do KYC verification if you really trust that site and there is not other option available.