
Kraken Exposes an Infiltration Attempt by a North Korean Hacker Posing as a Job Applicant


by Vincent Muthee

Kraken, a U.S.-based crypto exchange, has revealed how it busted a North Korean hacker posing as a legitimate job applicant. The exchange’s team identified and stopped the potential intruder, who had applied for a software engineering position in the hope of gaining access to its infrastructure. Instead, the job interview turned into a counter-intelligence operation run by Kraken’s cybersecurity and hiring teams.

The incident brings to light how bad actors in the crypto industry are trying out sophisticated tactics to steal information and funds. It also underscores the urgent need for crypto firms to advance their threat detection strategies. The incident comes at a time when the crypto market is still suffering ‘PTSD’ from the $1.4 billion ByBit hack.

How Kraken Identified Red Flags in a Seemingly Normal Interview

According to a blog post by Kraken, the ordeal with the infiltrator started as an ordinary interview with an applicant who seemed to be a legitimate software engineer. But several red flags emerged as the hiring process progressed.

At first, the job applicant joined the video interview with a different name from that submitted on the resume. Then, he switched it quickly to conceal his identity. But the discrepancy had already caught the eye of the Kraken recruitment team.

Subsequently, the applicant kept changing voices mid-interview, signaling that he was likely being coached as the live session went on. It would not be long before the potential infiltrator was busted.

Kraken had already received intel from partners that North Korean hackers were posing as job seekers with an intention to gain access. A shared list of suspicious email addresses linked to sanctioned actors included the very email the applicant used to apply at Kraken.

Using Open-Source Intelligence (OSINT) techniques, Kraken’s internal cybersecurity team (Red Team) dug deeper. They analyzed historical breach data and cross-referenced digital footprints. The search revealed that the applicant’s email was part of a broader network of aliases and fake identities. In fact, some of the identities had already gained employment at other firms. 

Kraken’s Hiring Process Turns Into an Intelligence Operation

With full information regarding the applicant’s intentions, Kraken’s security and recruitment teams decided to take the hacker through the whole hiring process. The intention was to understand the different tactics and methods the hacker would use.

The process got underway with specially designed multi-layer technical assessments. However, the applicant faltered at the final interview, which involved identity verification. He was asked to hold up his ID, share his exact location and name any nearby restaurants in his locality, all of which he failed to do.

To Kraken’s team, it became evident that the job applicant was not who he claimed to be. Rather, he was an infiltrator posing as a software engineer.

In a comment about the incident, Kraken’s Chief Security Officer Nick Percoco, who played a key role in the operation, said: “Don’t trust, verify. This core crypto principle is more relevant than ever in the digital age.”

A Broader Threat to the Crypto Sector

Kraken’s incident shines a spotlight on the evolving tactics hackers are using to infiltrate systems in the crypto sector. In fact, generative AI and other tools now enable attackers to craft convincing identities. 

According to Percoco, “any individual or business handling value is a target.” He further advised that firms should be “operationally preparing to withstand these types of attacks.” The issue, however, is not limited to crypto; it affects businesses across the globe.

Kraken’s experience serves as a warning across industries: not all attackers breach firewalls. Some simply submit a resume.
