Key Takeaways
- Kraken identified a North Korean hacker posing as a job candidate and turned the interview into a sting operation.
- By the end of the interview, Kraken found out it wasn’t a real job applicant but a state-backed hacking attempt.
- North Korean hacking groups have increasingly used fake job applications to infiltrate crypto firms across the U.S. and Europe.
Kraken has revealed it intercepted a covert attempt by a North Korean hacker to infiltrate the company, this time, not through code, but through a job application.
The crypto exchange said in a Friday blog post that its hiring team flagged suspicious behavior early in the process.
However, rather than cutting the interview short, they played along, advancing the applicant to gather intelligence on their tactics.
You’ll Want To See This
Kraken’s Job Interview Becomes Digital Sting
What started as a routine job interview for an engineering role at Kraken turned into a covert sting operation, revealing a state-sponsored hacking attempt linked to North Korea.
According to the exchange, recruiters quickly flagged multiple red flags during the early stages of the process.
The applicant accessed the interview using a colocated Mac desktop through a VPN, a setup often used to mask location.
Further checks revealed that the candidate’s GitHub profile was linked to an email exposed in a previous data breach. Even more telling, the ID documents they provided appeared manipulated and linked to a known identity theft case.
During the interview, the candidate joined under one name and changed it mid-call. They also switched voices mid-call, suggesting more than one person was present.
As suspicions grew, Kraken escalated the interview to its security team.
In a final staged interview, Kraken’s security team slipped in subtle verification tests. They asked the candidate to verify their identity with two-factor prompts, show government-issued ID, and name local restaurants from the city they claimed to be in.
The applicant struggled with all of them, unable to verify their location or produce legitimate documentation.
By the end of the call, Kraken concluded that the interviewee was not a legitimate job seeker but part of a coordinated effort to infiltrate the company’s systems.
A Growing Threat
“Don’t trust, verify,” Kraken’s chief security officer Nick Percoco said. “This core crypto principle is more relevant than ever in the digital age.”
State-sponsored attacks are no longer just about malware or phishing emails. North Korean hackers have been increasingly targeting crypto firms from the inside, posing as candidates to gain privileged access to systems.
The FBI and other international agencies have warned about this tactic, which has already been used to target firms across the U.S., U.K., and Europe.
Just recently, CCN reported that the North Korean hacking group Lazarus has been setting up shell companies in the U.S. using fake identities and addresses.
These entities were then used to post job listings, primarily targeting developers in the crypto space, to distribute malware.
Once a target was engaged, they were sent infected files capable of accessing private keys, scanning sensitive documents, and installing backdoors into their systems.
Was this Article helpful?
