Crypto Exchange Kraken Flags North Korean Infiltration Attempt Through Fake Job Application

Crypto exchange Kraken has uncovered an attempted infiltration by a North Korean hacker posing as a software engineering job candidate.

The incident began as a routine recruitment effort but quickly raised internal concerns due to multiple behavioral and technical anomalies.

First off, the individual joined the interview call under a different name from the one used on their resume. They also occasionally switched between voices, indicating they were receiving real-time coaching during the interview, according to Kraken. To top it off, the candidate accessed systems using a combination of colocated Mac desktops and VPNs, a setup typically used to mask physical location.

The candidate’s suspicious behavior led Kraken’s team to cross-check their application details. They discovered that their email address matched one previously flagged by industry partners as being associated with North Korean hacker group.

Kraken’s Red Team then launched a deeper probe using open-source intelligence methods, including analysis of breach data and email patterns, which led them to discover that the candidate was part of a broader web of fabricated identities, some of which had successfully gained employment at other crypto companies.

However, Kraken didn’t immediately reject the candidate. Instead, they advanced them through additional interview rounds in order to gather intelligence on the tactics used.

The final interview, led by Kraken’s Chief Security Officer Nick Percoco, included subtle identity verification questions — such as asking the candidate to provide local knowledge about their claimed location and produce live ID verification. The applicant failed to convincingly respond, confirming the team’s suspicions of a state-sponsored infiltration attempt.

Kraken cited the incident as part of a larger trend, with North Korean hackers reportedly stealing over $650 million from crypto firms in 2024 alone. Recently, these threat actors have intensified their infiltration tactics, increasingly targeting European companies as awareness of the North Korean infiltration efforts had increased in the U.S. after the Bybit hack.