North Korean Hackers Attempt to Infiltrate Kraken Through Fake Job Application
Kraken uncovers a North Korean hacker’s job application scam targeting Kraken and crypto firms. Learn how cybercriminals are infiltrating the crypto industry with fake identities and remote access tactics
In a chilling reminder of how sophisticated cyber threats have become, leading crypto exchange Kraken recently exposed a covert attempt by a suspected North Korean state-sponsored hacker to gain access to its systems by applying for a job.
What seemed like a routine hiring process quickly turned into a high-stakes counter-intelligence mission, showcasing how cybercriminals are now leveraging social engineering, identity fraud, and global hiring trends to target the cryptocurrency industry from within.
Suspicious Candidate Triggers Internal Alarm
The red flags began waving during the initial video interview. The applicant joined the call under a different name than listed on their resume. Even more alarming, Kraken's interviewers observed the candidate frequently switching voices, indicating they were likely receiving real-time coaching.
Kraken CSO @c7five recently spoke to @CBSNews about how a North Korean operative unsuccessfully attempted to get a job at Kraken.
Don’t trust. Verify 👇 pic.twitter.com/1vVo3perH2 — Kraken Exchange (@krakenfx) May 1, 2025
Instead of cutting the interview short, Kraken made a strategic decision to proceed further with the process. This allowed their security team to observe and document the hacker’s methods in action.
How Kraken Detected the Deception
Prior warnings from industry partners had already put Kraken on alert. Several crypto firms were reportedly being targeted by North Korean operatives applying for technical positions. When Kraken cross-checked the applicant’s email address with a list of accounts linked to known hacking groups, a match was found, confirming suspicions.
Digging deeper, Kraken uncovered an entire web of fake identities tied to this individual. These same identities had been used in job applications across multiple crypto startups, all with one goal: to get inside access.
Technical evidence further strengthened the case:
- The applicant accessed interviews via remote Mac desktops, using VPNs to mask their true location.
- The submitted ID documents appeared altered, likely using stolen identity data from an old breach.
- The GitHub profile on the resume included an email address previously compromised in a data leak.
Final Verification: The Trap That Exposed the Truth
In the final interview phase, Kraken’s Chief Security Officer Nick Percoco led a series of “trap” verification tests. The candidate was asked to:
- Show a government-issued ID
- Confirm their city of residence
- Name a few local restaurants
The results? Total failure. The individual became visibly flustered and could not answer basic location-based questions, exposing their cover.
Percoco emphasized a foundational principle of the crypto world:
"Don’t trust. Verify." In today’s digital age, trust without verification can be catastrophic.
North Korea’s Growing Cyber Footprint in Crypto
This infiltration attempt is just one small chapter in a much larger narrative. With international sanctions cutting off economic access, North Korea has turned to cybercrime, especially targeting the decentralized world of cryptocurrency.
The infamous Lazarus Group, backed by the North Korean regime, is believed to be behind February’s record-breaking $1.4 billion hack of crypto exchange Bybit, the largest theft in crypto history.
In 2024 alone, hackers linked to North Korea have stolen over $650 million through various crypto exploits. Their tactics include:
- Deploying IT workers under fake identities at major blockchain companies
- Creating shell companies (some even registered in the U.S.) to spread malware
- Scamming developers by pretending to offer job opportunities or partnerships
Remote Work: A Double-Edged Sword
While remote work has become a global standard, it also creates vulnerabilities. These cyber operatives exploit flexible hiring practices to embed themselves deep within organizations, often undetected until it’s too late.
Their goal? Gain access to internal systems, extract valuable data, plant ransomware, or even inject malicious code directly into the product pipeline.
The Takeaway for Crypto Companies
Kraken’s experience is a stark warning for the entire crypto ecosystem:
Sophisticated cyber threats now wear suits, submit resumes, and pass interviews.
As the crypto space matures, so too do the strategies of those who wish to exploit it. Companies must strengthen their hiring processes, implement rigorous identity verification, and work closely with industry peers to share threat intelligence.
TLDR – What Happened?
- Kraken intercepted a job application from a suspected North Korean hacker.
- The candidate used fake credentials, was coached during interviews, and failed basic verification.
- Industry tips and internal checks confirmed ties to known hacking groups.
- Kraken used the interview process to gather intelligence on the hacker’s methods.
- This fits into a larger pattern of North Korean cyberattacks on crypto companies in 2024.
If you run or work at a crypto or blockchain company, now is the time to tighten your onboarding processes. As the line between cybercrime and corporate infiltration blurs, staying one step ahead is not optional, it’s mission-critical.
