Cryptocurrency exchange Kraken said Thursday it identified and blocked a North Korean hacker posing as a job applicant in a bid to infiltrate the company’s internal systems.
The attempt was uncovered during a hiring process for an engineering position earlier this year, Kraken said in a blog post. The company’s internal security and IT teams coordinated to gather intelligence as the candidate quietly advanced through interview rounds.
Suspicious Activity Uncovered Early
The applicant triggered initial concerns after joining a recruiter call under a name different from the one listed on their résumé. Further irregularities included inconsistent speech, which Kraken said suggested real-time coaching during the interview.
Industry partners had previously warned the company of active job-seeking efforts by North Korean hacker groups. A cross-reference of known hacker-linked emails revealed that the applicant had used a flagged address. Kraken’s internal Red Team launched a deeper investigation, employing open-source intelligence (OSINT) methods.
Their analysis revealed that the candidate was linked to a network of false identities, some of which had successfully obtained employment in other firms. One identity traced back to a sanctioned foreign agent, Kraken said.
Verification Triggers Collapse of Cover
To further assess the threat, Kraken advanced the applicant through additional interviews, culminating in a final video call with Chief Security Officer Nick Percoco and team members. During the interview, the applicant was asked to verify their location, present government-issued identification, and respond to questions about local knowledge in the city they claimed to reside.
The applicant failed to respond convincingly, becoming visibly flustered and struggling with basic questions. Kraken determined the individual was likely part of a broader effort by state-sponsored actors to penetrate private-sector infrastructure.
Percoco emphasized the importance of vigilance. “State-sponsored attacks target not just crypto companies, but any organization handling value,” he said in a statement.
According to multiple reports, North Korean hacking groups stole more than $650 million from crypto firms in 2024. Kraken said it released the details to help raise industry awareness and encourage stronger security practices during hiring processes.
