- Kraken has identified a North Korean hacker attempting to infiltrate the company under the guise of a job applicant
- The company has conducted a covert investigation by advancing the candidate through interviews
- The hacker has been linked to a broader network using fake identities and compromised credentials
A North Korean hacker has been exposed after attempting to gain employment at cryptocurrency exchange Kraken. The individual used a false identity and sophisticated tactics to get through multiple stages of the hiring process. Kraken’s internal teams detected anomalies early on and used the situation to gather intelligence on state-sponsored infiltration strategies, which have increased in recent months.
Suspicious Behavior Raises Alarm
Kraken outlined the incident in a blog post on May 1, stating that it began when the candidate joined a job interview under a different name than the one listed on their resume. The person appeared to be receiving help in real time, switching voices during the call, which suggested live coaching. The company’s security team found that the applicant’s email matched one previously associated with North Korean hacking operations.
Kraken’s Red Team, working with the recruitment team, launched a deeper investigation and, using open-source intelligence, identified a web of connected identities tied to the applicant. One of these aliases had already been sanctioned as a foreign agent. “The goal of this effort was not to hire this person, but to gain a deeper understanding of how these state-sponsored actors operate,” Kraken stated.
Unmasking a State-Sponsored Actor
The candidate’s technical setup—remote Mac access via VPN—and the use of a GitHub profile tied to a breached email account raised additional concerns. The applicant submitted an altered ID document suspected to have been fabricated using stolen personal information. Rather than rejecting the applicant outright, Kraken’s team continued the process to collect more data.
During the final interview with Kraken Chief Security Officer Nick Percoco, the candidate was asked to perform subtle verification tasks. These included presenting live government ID, verifying local details from the city they claimed to live in, and answering contextual location-based questions. The applicant struggled, further confirming Kraken’s suspicion of an attempted cyber infiltration. Percoco summarised the risks associated with the new strategies adopted by hackers:
“Don’t trust, verify. This core crypto principle is more relevant than ever in the digital age. State-sponsored attacks aren’t just a crypto, or U.S. corporate, issue – they’re a global threat. Any individual or business handling value is a target, and resilience starts with operationally preparing to withstand these types of attacks.”
North Korean hacking groups recently expanded their operations to Europe in order to infiltrate crypto firms, with the attempt on Kraken showing that they are still focusing on recruitment as a key route in.