In a striking demonstration of modern cybersecurity vigilance, cryptocurrency exchange Kraken successfully identified and thwarted a North Korean hacker’s attempt to infiltrate its operations, not through code, but via the company’s recruitment process.
This episode, now public, underscores the evolving tactics of state-sponsored cybercriminals and the critical need for robust security protocols across all business functions.
A New Attack Vector: The Hiring Process
The incident began as a routine application for a software engineering role at Kraken.
Early in the process, however, recruiters noticed red flags.
The candidate joined an initial call under a different name than the one listed on their résumé and, at times, switched voices mid-interview, a strong indicator of real-time coaching by accomplices.
Industry partners had previously warned Kraken that North Korean actors, including the notorious Lazarus Group, were actively targeting crypto companies by posing as job seekers.
When Kraken cross-referenced the applicant’s email address with intelligence from these partners, they discovered it was linked to a network of fake identities used in prior infiltration attempts.
Technical Forensics and OSINT Uncover the Ruse
Armed with this intelligence, Kraken’s Red Team launched a full-scale investigation using Open-Source Intelligence (OSINT) techniques.
They analyzed breach data, uncovering that the candidate’s email was associated with multiple aliases, some of which had already secured jobs at other crypto firms.
Alarmingly, one identity in this network was flagged as a foreign agent on international sanctions lists.
Further technical inconsistencies emerged:
- The applicant accessed interviews using colocated Mac desktops routed through Virtual Private Networks (VPNs), a common tactic to mask geographic location and network activity.
- Their résumé linked to a GitHub profile containing an email address exposed in a previous data breach.
- The primary form of identification provided was likely altered, with details matching a known identity theft case from two years prior.
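The alias linkage described above, where an applicant is tied through shared email addresses to identities that partners had already reported, can be sketched as follows. This is an added example, not Kraken's tooling; the record layout, names, addresses and indicator are constructed, and matching on normalized email alone is an assumption.

```python
from collections import defaultdict

def normalize(email):
    """Lowercase and drop '+tag' so trivial variations of one mailbox compare equal."""
    local, _, domain = email.strip().lower().partition("@")
    return f"{local.split('+', 1)[0]}@{domain}"

def identity_clusters(records):
    """Group records that share any normalized email (union-find over record indexes)."""
    parent = list(range(len(records)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving keeps lookups short
            i = parent[i]
        return i

    first_seen = {}  # normalized email -> index of the first record that used it
    for idx, rec in enumerate(records):
        for email in rec["emails"]:
            owner = first_seen.setdefault(normalize(email), idx)
            parent[find(idx)] = find(owner)  # no-op when this record is the owner
    clusters = defaultdict(list)
    for idx in range(len(records)):
        clusters[find(idx)].append(idx)
    return list(clusters.values())

def flag_applicants(records, partner_indicators):
    """Return the names on every record in a cluster touching a partner-reported email."""
    bad = {normalize(e) for e in partner_indicators}
    flagged = set()
    for cluster in identity_clusters(records):
        emails = {normalize(e) for i in cluster for e in records[i]["emails"]}
        if emails & bad:
            flagged.update(records[i]["name"] for i in cluster)
    return sorted(flagged)

# Constructed sample data: names, addresses and the indicator are made up.
RECORDS = [
    {"name": "Applicant A", "emails": ["dev.one@example.com", "gh-alias@example.net"]},  # résumé + GitHub email
    {"name": "Alias B", "emails": ["GH-Alias+jobs@example.net", "second@example.org"]},
    {"name": "Alias C", "emails": ["second@example.org", "reported@example.org"]},
    {"name": "Unrelated D", "emails": ["someone@example.com"]},
]
PARTNER_INDICATORS = ["reported@example.org"]

if __name__ == "__main__":
    print(flag_applicants(RECORDS, PARTNER_INDICATORS))
```

Applicant A's own addresses are not on the indicator list; the record is flagged only because its GitHub address chains through two other aliases to the reported one, which a direct lookup would miss.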
Turning the Tables: A Sting Operation
Rather than immediately rejecting the applicant, Kraken’s security and recruitment teams advanced them through several rounds of technical and behavioral interviews.
This strategy was designed not to hire, but to gather intelligence on the hacker’s methods and operational playbook.
The final round was a carefully orchestrated “chemistry interview” with Chief Security Officer Nick Percoco and other team members.
During this session, the team embedded subtle but revealing verification steps, such as two-factor authentication prompts, requests for real-time location verification, and questions about local restaurants in the city the candidate claimed as home.
Flustered and unable to provide convincing answers, the candidate quickly unraveled, confirming suspicions of a state-sponsored infiltration attempt.
A Broader Threat to the Crypto Industry
This episode is part of a broader pattern: North Korean hackers, especially the Lazarus Group, have stolen billions from the crypto sector in recent years, using increasingly sophisticated social engineering and technical exploits.
In 2024 alone, North Korean actors reportedly stole over $650 million from crypto firms, often laundering assets through mixers and shell companies.
Key Takeaways for Cybersecurity
Kraken’s experience highlights the necessity of a holistic, proactive approach to security.
Attackers are no longer just breaching firewalls; they’re attempting to walk through the front door by exploiting human resources processes.
As CSO Nick Percoco summarized:
For organizations across sectors, the lesson is clear: every interaction, even a job application, can be an attack vector.
Vigilance, layered verification, and a culture of “productive paranoia” are essential defenses in the modern threat landscape.