Kraken Thwarts North Korean Operative’s Brazen Attempt to Infiltrate Exchange
Another day, another state-sponsored crypto heist—except this time, the hackers tried the front door. Kraken’s security team just exposed a DPRK-linked ’job seeker’ attempting social engineering access to exchange systems. Who needs zero-day exploits when you can just upload a resume?
Security teams intercepted suspicious activity during routine vetting—turns out ’blockchain enthusiast’ translates differently in Pyongyang. The would-be infiltrator’s digital fingerprints matched known Lazarus Group tactics. Kraken’s response? A hard pass with extreme prejudice.
Meanwhile, traditional finance still thinks ’North Korea’ is just a geopolitical risk checkbox on their compliance forms. At least in crypto, we actually stop thieves instead of laundering their loot through correspondent banks.
The Truth Was Clear, This Was Not a Legitimate Applicant: Kraken
Before the interview, Kraken said that industry partners had tipped them off that North Korean hackers were actively applying for jobs at crypto companies.
Per the investigations, the candidate initially joined a video call using a different name from the one on his resume. Further, Kraken identified that the hacker’s email address matched one of the addresses linked to the North Korean hacker group.
“We discovered that one of the emails associated with the malicious candidate was part of a larger network of fake identities and aliases.”
Besides, among the candidate’s multiple identities, one in this network was also a “known foreign agent on the sanctions list.”
Suspect Was Put Through Multiple Technical Infosec Tests
The exchange carefully advanced the candidate through the hiring rounds instead of turning him down. Kraken’s security and recruitment teams put the hacker through multiple rounds of technical infosec tests and verification tasks.
These tests were “designed to extract key details about their identity and tactics,” the team wrote.
During the final round of interview, traps were set when the hacker was asked to verify his location and recommend nice restaurants in the city he claimed to live in.
“At this point, the candidate unravelled,” Kraken said, adding that the hacker struggled with the basic verification tests.
“Don’t trust, verify,” said Nick Percoco, Kraken’s chief security officer. “State-sponsored attacks aren’t just a crypto, or U.S. corporate, issue – they’re a global threat.”
