A North Korea-backed hacker tried to get a job at Kraken to access the company’s systems, the exchange revealed Thursday.
The applicant posed as an engineer and was caught mid-interview after Kraken’s security teams ran a full investigation into the person’s identity and digital trail. The company said the hiring process became an intelligence operation the moment red flags started to show.
According to Kraken, the job application attempt came during a routine recruitment process. However, the situation turned serious when the candidate gave a name different from the one on their resume during the first call and then quickly corrected it. The person’s voice also shifted multiple times during the interview, leading recruiters to believe someone else might’ve been coaching them live.
Kraken uses breach data and email tracing to expose the operation
The applicant had submitted an email that matched one previously flagged by crypto industry contacts who had warned that North Korea’s hacker units were actively applying to companies in the sector. After confirming the match, Kraken’s internal Red Team launched a deeper investigation using OSINT techniques to analyze breach records and data tied to the email account.
That search uncovered a broader network of fake identities. The individual behind the application had created multiple aliases, some of which had already been hired at other companies. The team found work emails tied to these fake names.
One of them belonged to someone on an international sanctions list as a known foreign agent. The fake resume was connected to a GitHub account with a breached email, and the submitted ID appeared altered. The candidate used remote colocated Mac desktops and routed all traffic through a VPN — a setup designed to hide their real location.
Kraken said the ID likely came from a two-year-old identity theft case. At that point, the security team had enough evidence to consider the applicant part of a state-level infiltration campaign — not a solo scammer.
Kraken runs a full sting operation through interview process
Instead of cutting off communication, Kraken’s recruitment and security teams pushed forward with the process. The applicant was moved through various rounds, including infosec skill assessments and identity verifications.
The final interview involved Kraken’s Chief Security Officer Nick Percoco, who met the candidate with a group of other staff members for what the company labeled a “chemistry interview.”
During that call, Nick and his team inserted verification prompts into the conversation. They asked the applicant to confirm their location, show a government ID, and name local restaurants in the city they claimed to live in. The applicant couldn’t keep up.
They hesitated, gave unclear answers, and failed basic questions about their own alleged hometown. The performance collapsed under pressure, revealing that the applicant had no real knowledge of the location they claimed or the identity they were using.
At the end of the interview, Kraken said it was clear this wasn’t a real applicant. It was a foreign-backed imposter using a fake identity to try to gain insider access to the crypto company.
Nick confirmed the incident in a public statement, saying: “Don’t trust, verify. This core crypto principle is more relevant than ever in the digital age. State-sponsored attacks aren’t just a crypto or U.S. corporate issue – they’re a global threat. Any individual or business handling value is a target, and resilience starts with operationally preparing to withstand these types of attacks.”
Kraken said they were releasing the full details of the case to warn other crypto firms that traditional hiring pipelines are now being used as infiltration tools by foreign governments. The exchange also noted that North Korea-linked hackers had stolen over $650 million from crypto firms in 2024, with job application schemes becoming a new trend.
Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot