North Korean Operative Exposed During Kraken Exchange Job Interview
By: bitcoin ethereum news|2025/05/02 14:30:02
0
Share
TLDR North Korean actor attempted to infiltrate Kraken by applying for an engineering position Kraken received industry tip-off about suspicious emails linked to the hacker The applicant used fake identities, altered documents, and appeared to be coached during interviews Kraken deliberately continued the hiring process to gather intelligence on hacking tactics This incident highlights North Korea’s ongoing efforts to target crypto companies for financial gain North Korean hackers are getting creative in their attempts to infiltrate crypto companies, as demonstrated by a recent job application at Kraken exchange. The US-based crypto exchange revealed that it identified and tracked a North Korean operative who applied for an engineering role at the company. In a blog post published on May 1, Kraken detailed how what began as a standard hiring process quickly evolved into an intelligence-gathering operation. The company decided to advance the suspicious candidate through its hiring process after noticing several red flags. The first warning signs appeared early in the interview process. The applicant joined video calls using a name different from what was on their application. During the calls, they “occasionally switched between voices,” suggesting they were being coached in real-time by others. Rather than immediately rejecting the applicant, Kraken made the strategic decision to continue the process. This allowed them to collect valuable information about the tactics being used by the state-sponsored actor. Sophisticated Deception Methods The deception was uncovered thanks to a tip from industry partners who had warned that North Korean operatives were actively seeking employment at crypto companies. Kraken received a list of suspicious email addresses, and one matched the candidate’s application email. With this lead, Kraken’s security team uncovered a network of fake identities used by the hacker. These identities had been used to apply to multiple companies in the industry. Kraken CSO @c7five recently spoke to @CBSNews about how a North Korean operative unsuccessfully attempted to get a job at Kraken. Don’t trust. Verify pic.twitter.com/1vVo3perH2 — Kraken Exchange (@krakenfx) May 1, 2025 Technical inconsistencies further exposed the scheme. The applicant used remote Mac desktops accessed through VPNs to hide their true location. The identification documents they provided appeared to be altered, likely using details stolen in a previous identity theft case. The GitHub profile linked to the applicant’s resume contained an email address that had been exposed in a previous data breach. This created another connection to the suspicious activity. During final interviews, Kraken Chief Security Officer Nick Percoco conducted impromptu identity verification tests. These included asking the candidate to show government ID, verify their city of residence, and name local restaurants from their supposed location. “At this point, the candidate unraveled,” Kraken stated in their blog post. “Flustered and caught off guard, they struggled with the basic verification tests and couldn’t convincingly answer real-time questions.” Broader Threat Landscape The infiltration attempt comes amid heightened cyber activity from North Korea. International sanctions have effectively cut the country off from the global financial system, pushing the regime to target crypto as an alternative source of funds. North Korean hackers have stolen billions worth of cryptocurrency this year alone. The Lazarus Group, a hacking collective affiliated with North Korea, was responsible for February’s $1.4 billion Bybit exchange hack, which stands as the largest crypto theft in industry history. In April, a subgroup of Lazarus was found to have established three shell companies, including two in the US. These entities were created to deliver malware to unsuspecting users and scam crypto developers. According to a January statement released by the US, Japan, and South Korea, North Korean-linked hackers stole more than $650 million through multiple crypto heists during 2024. They’ve also deployed IT workers to infiltrate blockchain and crypto companies as insider threats. The remote work trend has made it easier for such operatives to conceal their identities and locations. By embedding agents inside firms, the regime gains access to sensitive data and can deploy ransomware or malicious code. “Don’t trust, verify. This core crypto principle is more relevant than ever in the digital age,” said Percoco. “State-sponsored attacks aren’t just a crypto or US corporate issue — they’re a global threat.” Kraken’s investigation underscores the need for companies to maintain vigilant hiring practices, particularly as state-sponsored actors become increasingly sophisticated in their infiltration attempts. Source: https://blockonomi.com/north-korean-operative-exposed-during-kraken-exchange-job-interview/
You may also like
Whales bought 270,000 BTC while ETFs bled $7 billion. One side is wrong
The crypto IPO class of 2025-26 is down as much as 89%. Autopsy of a listing boom
Robinhood Chain Mining Guide: A Comprehensive Tutorial from Cross-Chain to Memecoin
BitGo CEO says single-digit percentages of bitcoin's supply are 'probably right' for large holders amid Strategy's sale
Beyond Private Keys: How to Safeguard the Security Boundaries of Web3 from Wallets, L2 to Supply Chains?
Vanguard Enters the Market, Opening a New Crypto Gateway for 50 Million Traditional Investors
Why the OUSD Alliance of 150 Companies Still Cannot Shake USDT and USDC?
Citigroup Analysis: Is There Still 47% Upside for Nvidia? Can Rubin and CPO Deliver?
WEEX API Fast Connect: Turn Every Sign-In Into a Live Trader in Under 10 Seconds
WEEX API Fast Connect is a one-click OAuth authorization system that lets your users link their WEEX account without ever touching an API key. Frictionless onboarding, faster conversions, higher retention — built for WEEX Broker partners.
Bitcoin's dwindling exchange reserves don't pack the same bullish punch anymore
From Le Mans to the Rollercoaster: Carl Moon Takes On Portimão
Crypto world renowned KOL and racing driver Carl Moon, backed by WEEX, heads to the Ferrari Challenge Portugal round at the Algarve International Circuit, July 16–19, fresh off a podium finish at Le Mans. Here's why this race is one to watch.
Fast execution. Split-second accuracy. Security that never blinks. That's WEEX — and that's exactly how Carl races.
The Downfall of a Public Company: A $1.46 Billion Bet on WLFI, $540 Million Went to the Trump Family
Dragonfly Partner: BTC is Intergenerational Wealth, Optimistic About ETH and SOL
Goldman Sachs Calls to Go Long on Chinese AI: $4 Trillion Market Value Behind, Global Funds Only Allocated 1.2%
The New Landscape of Cryptocurrency in Europe: Why Germany Takes Center Stage?
Robinhood vs xStocks: Stock Tokenization Shouldn't Just Focus on Ticker On-Chain
Nexo launches crypto card in Argentina as Latin America push grows
Bank of America: Nvidia's Forward P/E Falls to 7-Year Low, Market Paying for a Non-Existent Risk
Whales bought 270,000 BTC while ETFs bled $7 billion. One side is wrong
The crypto IPO class of 2025-26 is down as much as 89%. Autopsy of a listing boom
Robinhood Chain Mining Guide: A Comprehensive Tutorial from Cross-Chain to Memecoin
BitGo CEO says single-digit percentages of bitcoin's supply are 'probably right' for large holders amid Strategy's sale
Beyond Private Keys: How to Safeguard the Security Boundaries of Web3 from Wallets, L2 to Supply Chains?
Vanguard Enters the Market, Opening a New Crypto Gateway for 50 Million Traditional Investors
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com

