Kraken’s Security Team Thwarted a Sophisticated Infiltration Attempt by a North Korean Hacker Posing as a Job Applicant

In a striking example of cybersecurity vigilance, crypto exchange Kraken has revealed it recently uncovered and neutralized an attempt by a North Korean hacker to infiltrate the company via its hiring process.

Crypto exchange Kraken has disclosed a recent encounter with a North Korean hacker who attempted to infiltrate the company during its hiring process.

As recounted in a blog post, the applicant, applying for an engineering role, displayed anomalies like inconsistent names, a voice change mid-interview (implied to be due to live coaching, and an email address that matched intelligence from industry partners about a known hacker network targeting crypto companies.

Instead of immediate rejection, Kraken's security team kept the candidate engaged, collecting intelligence as they advanced through the hiring stages. Using OSINT tools and breach data analysis, the team discovered a network of fake identities, past work credentials, and even a sanctioned foreign agent alias linked to the suspect.

During a final interview with Kraken's CSO, further identity verification like showing ID and answering local trivia was requested, ultimately confirming the applicant as an imposter.

Commenting on the event, Nick Percoco, CSO at Kraken, said:

"State-sponsored attacks aren’t just a crypto, or U.S. corporate issue, they’re a global threat. Any individual or business handling value is a target, and resilience starts with operationally preparing to withstand these types of attacks. We're thankful for our partners at Chainalysis and other industry peers who contribute to the collective defense against bad actors."

The full story from Kraken:

We recently had an interesting encounter with a North Korean hacker who tried to apply for a job at Kraken. It began with a routine application for an open engineering role. The applicant's email address caught our attention as it matched intelligence we had received from Chainalysis and other industry partners about a known hacker network targeting cryptocurrency companies.

Furthermore, throughout the hiring process, the applicant displayed anomalies that grew increasingly suspicious. Their name varied across different platforms and communications, and during one interview, the applicant's voice changed mid-call, which we later learned was likely due to live coaching from someone else. They also preferred to communicate through cloaked systems like colocated Macs and VPNs.

Despite these anomalies, we didn't want to reject the candidate out of hand. Instead, our security team decided to keep them engaged and collect more intelligence as we advanced them through our standard hiring procedures. Using OSINT tools and breach data analysis, we discovered a network of fake identities, past work credentials, and even a sanctioned foreign agent alias linked to the applicant.

The true scope of the deception unraveled during a final interview with me. As we reached the final stages of the interview process, we realized we needed to take additional steps to verify the applicant's identity. We asked them to show their ID, a request which they refused, and we posed a question of local trivia, which they failed to answer correctly. At this point, we were able to confirm that the applicant was an imposter.

We notified the authorities and are working with our partners to mitigate any potential risk. We also want to thank the many people who helped us to identify and report this activity.

This experience highlights a key challenge we're facing in crypto today. As attackers get more sophisticated, they're now walking through the front door, rather than just trying to breach the firewall. With AI now being used to create deep fakes and other forms of deception, we need to create more dynamic, real-time verification methods and foster a culture of security awareness across all departments of our organizations, not just IT.

Only by working together can we effectively combat this threat. We urge all companies and individuals in the crypto industry to be vigilant and take the necessary steps to protect themselves from North Korean hackers.

We're also grateful for the work of our partners at Chainalysis and other industry peers who are helping to develop new tools and techniques for detecting and reporting malicious activity. Together, we can make a difference.