2 May 2025
US crypto exchange Kraken has detailed a North Korean hacker’s attempt to infiltrate the organization by applying for a job interview.
“What started as a routine hiring process for an engineering role quickly turned into an intelligence-gathering operation,” the company wrote in a May 1 blog post.
Kraken said the applicant’s red flags appeared early on in the process when they joined an interview under a name different from what they applied with and “occasionally switched between voices,” apparently being guided through the interview.
Rather than immediately rejecting the applicant, Kraken decided to advance them through its hiring process to gather information about the tactics used.
International sanctions have effectively cut North Korea off from the rest of the world, and the country’s ruling Kim family dictatorship has long targeted crypto companies and users to top up the country’s coffers. It’s stolen billions worth of crypto so far this year.
Kraken reported that industry partners had tipped them off that North Korean actors were actively applying for jobs at crypto companies.
“We received a list of email addresses linked to the hacker group, and one of them matched the email the candidate used to apply to Kraken,” it said.
With this information, the firm’s security team uncovered a network of fake identities used by the hacker to apply to multiple companies.
Kraken also noted technical inconsistencies, which included the use of remote Mac desktops through VPNs and altered identification documents.
Kraken CSO @c7five recently spoke to @CBSNews about how a North Korean operative unsuccessfully attempted to get a job at Kraken.
Don’t trust. Verify 👇 pic.twitter.com/1vVo3perH2
— Kraken Exchange (@krakenfx) May 1, 2025
The applicant’s resume was linked to a GitHub profile containing an email address exposed in a past data breach, and the exchange said the candidate’s primary form of ID “appeared to be altered, likely using details stolen in an identity theft case two years prior.”
During final interviews, Kraken chief security officer Nick Percoco conducted trap identity verification tests that the candidate failed, confirming the deception.
Related: Lazarus Group’s 2024 pause was repositioning for $1.4B Bybit hack
“Don’t trust, verify. This core crypto principle is more relevant than ever in the digital age,” Peroco said. “State-sponsored attacks aren’t just a crypto or US corporate issue — they’re a global threat.”
North Korea pulls off biggest-ever crypto hack
North Korea-affiliated hacking collective Lazarus Group was responsible for February’s $1.4 billion Bybit exchange hack, the largest ever for the crypto industry.
North Korean-linked hackers also stole more than $650 million through multiple crypto heists during 2024, while deploying IT workers to infiltrate blockchain and crypto companies as insider threats, according to a statement released by the US, Japan and South Korea in January.
In April, a subgroup of Lazarus was found to have set up three shell companies, with two in the US, to deliver malware to unsuspecting users and scam crypto developers.
Magazine: Japanese porn star’s coin red flags, Alibaba-linked L2 runs at 100K TPS: Asia Express