US crypto exchange Kraken has detailed a North Korean hacker\u2019s attempt to infiltrate the organization by applying for a job interview.<\/p>\n
\u201cWhat started as a routine hiring process for an engineering role quickly turned into an intelligence-gathering operation,\u201d the company wrote<\/a> in a May 1 blog post.<\/p>\n Kraken said the applicant\u2019s red flags appeared early on in the process when they joined an interview under a name different from what they applied with and \u201coccasionally switched between voices,\u201d apparently being guided through the interview.<\/p>\n Rather than immediately rejecting the applicant, Kraken decided to advance them through its hiring process to gather information about the tactics used.<\/p>\n International sanctions have effectively cut North Korea off from the rest of the world, and the country\u2019s ruling Kim family dictatorship has long targeted crypto companies and users to top up the country\u2019s coffers. It\u2019s stolen billions worth of crypto so far this year.<\/p>\n Kraken<\/a> reported that industry partners had tipped them off that North Korean actors were actively applying for jobs at crypto companies.\u00a0<\/p>\n \u201cWe received a list of email addresses linked to the hacker group, and one of them matched the email the candidate used to apply to Kraken,\u201d it said.\u00a0<\/p>\n With this information, the firm\u2019s security team uncovered a network of fake identities used by the hacker to apply to multiple companies.\u00a0<\/p>\n Kraken also noted technical inconsistencies, which included the use of remote Mac desktops through VPNs and altered identification documents.<\/p>\n Kraken CSO @c7five<\/a> recently spoke to @CBSNews<\/a> about how a North Korean operative unsuccessfully attempted to get a job at Kraken. <\/p>\n Don\u2019t trust. Verify \ud83d\udc47 pic.twitter.com\/1vVo3perH2<\/a><\/p>\n \u2014 Kraken Exchange (@krakenfx) May 1, 2025<\/a><\/p>\n The applicant\u2019s resume was linked to a GitHub profile containing an email address exposed in a past data breach, and the exchange said the candidate\u2019s primary form of ID \u201cappeared to be altered, likely using details stolen in an identity theft case two years prior.\u201d<\/p>\n During final interviews, Kraken chief security officer Nick Percoco conducted trap identity verification<\/a> tests that the candidate failed, confirming the deception.\u00a0<\/p>\n Related: <\/strong><\/em>Lazarus Group\u2019s 2024 pause was repositioning for $1.4B Bybit hack<\/strong><\/em><\/a><\/p>\n \u201cDon\u2019t trust, verify. This core crypto principle is more relevant than ever in the digital age,\u201d Peroco said. \u201cState-sponsored attacks aren\u2019t just a crypto or US corporate issue \u2014 they\u2019re a global threat.\u201d<\/p>\n North Korea-affiliated hacking collective Lazarus Group<\/a> was responsible for February\u2019s $1.4 billion Bybit exchange hack<\/a>, the largest ever for the crypto industry.<\/p>\n North Korean-linked hackers also stole more than $650 million through multiple crypto heists during 2024, while deploying IT workers to infiltrate blockchain and crypto companies as insider threats, according<\/a> to a statement released by the US, Japan and South Korea in January.\u00a0<\/p>\n In April, a subgroup of Lazarus was found to have set up three shell companies<\/a>, with two in the US, to deliver malware to unsuspecting users and scam crypto developers.\u00a0<\/p>\nNorth Korea pulls off biggest-ever crypto hack<\/h2>\n