Kraken Thwarts Suspected North Korean Operative in Brazen Job Application Ploy
Exchange security teams stay paranoid for a reason—Kraken just flagged a job applicant with ties to North Korea’s infamous Lazarus Group. Because nothing says ’career growth’ like infiltrating crypto exchanges for a sanctioned regime.
No breaches occurred, but the attempt highlights the industry’s biggest open secret: everyone’s a target, from retail traders to C-suites. Meanwhile, traditional finance still thinks ’blockchain’ is a type of Peloton accessory.
Red flags
For Kraken, red flags emerged immediately. The candidate joined an initial video call using a name that did not match the one on their CV and changed it during the conversation. The individual also appeared to switch between different voices, indicating possible real-time coaching.
Kraken noted it had already received intelligence from partners about North Korean operatives applying for jobs at crypto companies. One email used by the candidate matched addresses flagged by industry sources.
An internal investigation tied the email to a larger network of aliases, some of which had already secured employment at other firms. One identity was linked to a sanctioned foreign agent.
The GitHub profile listed on the resume was associated with an email exposed in a prior data breach. The ID submitted during the process appeared to be falsified and may have used stolen information from a previous identity theft case.
The applicant used a colocated remote Mac desktop accessed via VPN to obscure their location.
During the final interview with Nick Percoco, Kraken’s Chief Security Officer, and other team members, Kraken introduced spontaneous verification requests, such as showing a government ID, verifying their city of residence, and naming local restaurants.
“At this point, the candidate unraveled. Flustered and caught off guard, they struggled with the basic verification tests and couldn’t convincingly answer real-time questions about their city of residence or country of citizenship,” Kraken said.
Unsurprisingly, Kraken ultimately declined to proceed with the hire.
The company said the experience underscores the need for organizations to remain vigilant against sophisticated, state-sponsored infiltration attempts.
"Don’t trust, verify. This CORE crypto principle is more relevant than ever in the digital age," said Percoco. "State-sponsored attacks aren’t just a crypto or U.S. corporate issue — they’re a global threat."
Edited by Sebastian Sinclair
