We're seeing yet another instance of blockchain-based platforms and crypto companies being targeted in what appears to be a covert but widespread campaign by North Korean hackers.

Kraken, a leading cryptocurrency platform, has reportedly encountered an infiltration attempt by a North Korean hacker who applied for an engineering role at the company. Instead of rejecting the candidate, Kraken decided to study the attacker’s tactics in real time, yielding multiple insights valuable to the entire industry.
As reported by Chainalysis, the incident began when the candidate joined a call under a different name than the one listed on their resume and then switched between voices during the interview, suggesting they might be getting coaching from another party.
This behavior, recognized by Kraken as a common tactic used by North Korean hacker cells, raised further suspicion. Their internal Red Team was engaged and initiated an OSINT investigation, examining breach data, identity clusters, and the candidate’s online activity.
The investigation confirmed the individual was tied to a broader network of aliases and forged identities, one of which was directly linked to a person on international sanctions lists. This finding tied the candidate to a North Korean APT group focused on cryptocurrency theft.
Furthermore, technical analysis of the candidate’s devices revealed anomalies and misconfigurations typically found in compromised systems, further supporting the hypothesis of malicious intent.
The candidate also displayed an unusually close proximity to the interviewer despite being in a different country, which, according to Kraken, was another indicator of a tactic employed by North Korean hacker cells to maintain a persistent presence in a targeted company’s ecosystem.
Finally, they failed to respond convincingly to a question about a tattoo visible on their arm during the interview, becoming evasive and unable to verify basic personal details.
In a statement shared by email, CSO Nick Percoco concluded:
“Don’t trust, verify. This core crypto principle is more relevant than ever in the digital age. State-sponsored attacks aren’t just a crypto, or U.S. corporate, issue — they’re a global threat. Any individual or business handling value is a target, and resilience starts with operationally preparing to withstand these types of attacks. We're grateful for the opportunity to contribute to the collective defense by sharing our experience.”