Crypto exchange Kraken’s latest security disclosure was published on 1 May 2025 under the blunt title “How we identified a North Korean hacker who tried to get a job at Kraken.”
The account describes how a seemingly routine hiring process morphed into what the exchange openly calls “an intelligence gathering operation.”
Kraken’s team launched a deep dive that exposed what it calls “a larger network of fake identities and aliases” spreading across the crypto employment market.
With the evidence mounting, Kraken opted for misdirection rather than immediate rejection. The company advanced the applicant through successive stages, in effect baiting the hook. “Instead of tipping off the applicant, our security and recruitment teams strategically advanced them through our rigorous recruitment process – not to hire, but to study their approach.”
This underscores that the crypto sector’s attack surface is no longer confined to code repositories or hot-wallet infrastructure; it extends to the HR inbox.
“Not all attackers break in, some try to walk through the front door,” Kraken writes, adding that “Generative AI is making deception easier, but isn’t foolproof… genuine candidates will usually pass real-time, unprompted verification tests.”
Kraken closes its narrative with a reminder that the candidate was part of the North Korean campaign which, by third-party estimates cited in the post, siphoned more than $650 million from crypto firms in 2024.
The message is sober and unsentimental: “Sometimes, the biggest threats come disguised as opportunities.”