Kraken Uncovers North Korean Spy Among Job Applicants

A North Korean hacker attempted to infiltrate the ranks of Kraken’s developers by posing as a candidate for an engineering position.

According to the team’s report, the applicant immediately raised suspicions. He joined the initial online interview under a name different from the one on his resume, but quickly changed it. During the conversation, the candidate “periodically changed intonations,” as if someone was giving him instructions in real-time.

Industry partners warned the company about the likelihood of encountering a spy among potential employees and provided a list of email addresses linked to a group of North Korean hackers. The Kraken candidate used one of the listed addresses when applying.

The exchange’s specialists initiated an investigation, which uncovered a network of fake identities and pseudonyms under which the hacker attempted to secure employment in the crypto industry and other sectors. In some cases, the perpetrator succeeded in obtaining the desired position.

Upon closer examination, experts discovered attempts by the hacker to conceal his location and fake documents with someone else’s data.

The team put the spy candidate through several rounds of interviews and checks to gather information about his identity and tactics. At the final online meeting, the hacker was asked to show identification and recommend establishments in the city where he claimed to reside. These routine checks caught the applicant off guard, and he failed to provide convincing answers.

“Don’t trust, verify. This core principle of cryptography is more relevant than ever in the digital age. State-sponsored attacks are not just a problem for cryptocurrencies or American corporations; they are a global threat,” commented the firm’s head of security, Nick Percoco.

Kraken specialists noted that as cyber threats evolve, maintaining security increasingly relies on a comprehensive proactive approach:

“A culture of productive paranoia is key.”

In April, the group Contagious Interview, linked to the North Korean hacker organization Lazarus, registered three shell companies to distribute malware.