North Korean Spy Unmasked During Job Interview at Kraken Cryptocurrency Exchange

North Korean Spy Unmasked During Job Interview at Kraken Cryptocurrency Exchange

Here's the lowdown:

• The Cunning North Korean Agent
• Suspicious Character Revealed
• Crafty Deception Methods Exposed
• North Korea's Broad Cyber Threat Landscape
• Lessons Learned

The Cat and Mouse Game

Recent attempts by North Korean hackers to infiltrate crypto companies have got creative, as demonstrated by a recent job application at the Kraken exchange. Kraken, a US-based crypto exchange, disclosed that they detected and tracked a North Korean operative who applied for an engineering position.

A Change in Strategy

In a blog post published on May 1, Kraken detailed the remarkable turn of events. The company decided to advance the suspect candidate through its hiring process after spotting several red flags.

The first warning signs cropped up early in the interview process. The applicant joined video calls using a name different from their application. During the calls, they sometimes switched between voices, suggesting coaching in real-time by others.

Undercover Operations

Instead of outright rejecting the applicant, Kraken made the strategic decision to continue the process. This allowed them to gather valuable information about the tactics being used by the state-sponsored actor.

Intricate Deception Techniques

The deception was unraveled thanks to an industry heads-up. Partners had warned about North Korean operatives seeking employment at crypto companies. Kraken received a list of suspicious email addresses, and one matched the applicant's application email.

With this lead, Kraken's security team uncovered a network of fake identities used by the hacker. These personas were used to apply to multiple companies in the industry.

Technical Irregularities Uncovered

The applicant used remote Mac desktops accessed through VPNs to hide their true location. The identification documents they provided appeared to be altered, likely taken from a previous identity theft case.

The GitHub profile linked to the applicant's resume contained an email address that had been exposed in a previous data breach. This created another connection to the suspicious activity.

Identity Verification Tests

During final interviews, Kraken Chief Security Officer Nick Percoco conducted improvised identity verification tests. These included asking the candidate to show government ID, verify their city of residence, and name local restaurants from their supposed location.

"At this point, the candidate unraveled," Kraken stated in their blog post. "Flustered and caught off guard, they struggled with basic verification tests and couldn’t convincingly answer real-time questions."

A Wider Threat Online

The infiltration attempt comes amid heightened cyber activity from North Korea. International sanctions have left the country with limited options for accessing the global financial system, pushing the regime to target crypto as an alternative source of funds.

North Korean hackers have swiped billions in cryptocurrency this year alone. The Lazarus Group, a hacking collective affiliated with North Korea, was responsible for February's $1.4 billion Bybit exchange hack—the largest crypto theft in industry history.

Closing the Shop

In April, a subgroup of Lazarus was discovered to have established three shell companies, including two in the US. These entities were created to distribute malware to unsuspecting users and scam crypto developers.

According to a January statement released by the US, Japan, and South Korea, North Korean-linked hackers stole over $650 million through multiple crypto heists during 2024. They've also deployed IT workers to infiltrate blockchain and crypto companies as insider threats.

The Remote Work Trend Boosts Hackers

The remote work trend has made it easier for such operatives to conceal their identities and locations. By embedding agents inside firms, the regime gains access to sensitive data and can deploy ransomware or malicious code.

"Don't trust, verify. This core crypto principle is more relevant than ever in the digital age," said Percoco. "State-sponsored attacks aren't just a crypto or US corporate issue - they're a global threat."

Takeaways for Companies

Kraken's investigation underscores the need for companies to maintain vigilant hiring practices, particularly as state-sponsored actors become increasingly sophisticated in their infiltration attempts.

[1] Bilge, L. (2025, April 1). New Report Exposes North Korean Crypto Hacking Campaign Targeting Developers. CoinDesk.[2] Kraken Security Team. (2025, May 1). Update on Recent Infiltration Attempt. Kraken Blog.[3] Shyu, A., & Krazit, C. (2025, February 19). North Korean Hackers Made Away With Over $650 Million in Cryptocurrency Last Year, Report Says. CNBC.[4] Gift, C. (2025, January 14). North Korean Hackers Stole $400 Million in Crypto in a Single Month, Report Says. The Washington Post.[5] Kim, Y. (2025, March 22). North Korean Hackers Have Stepped Up Malicious Activity in the Cyber World, Report Says. The Associated Press.

1. The North Korean hacker, who applied for an engineering position at crypto exchange Kraken, likely used deception techniques and technical irregularities in an attempt to infiltrate the company, as reported by Kraken in their blog post.
2. General-news sources have indicated that North Korean hackers have been applying for positions at crypto companies, aiming to gain access to sensitive data and carry out cyberattacks, as was the case with the North Korean operative at Kraken.
3. Inconsistencies in the applicant's email address, identity documents, and GitHub profile raised suspicion, leading Kraken to conduct further investigation and ultimately expose the hacker's deceitful methods.
4. This incident highlights the importance of cybersecurity in the cryptocurrency industry, as North Korea has been increasingly involved in cybercrime and crypto theft to bypass financial sanctions imposed on the country.
5. As state-sponsored actors become more sophisticated in their infiltration attempts, crypto companies must remain vigilant and apply rigorous screening and verification processes in their hiring practices, similar to the steps taken by Kraken.

Read also: