Kraken Thwarts North Korean Hacker Attempting Job Infiltration
Kraken, a prominent cryptocurrency exchange, recently detailed an incident where it successfully identified a North Korean hacker during a job interview process. The hacker, who was attempting to infiltrate the organization, was detected through a meticulous vetting process that included background checks and technical assessments. This incident highlights the ongoing threat posed by state-sponsored cyber actors and the importance of robust security measures in the cryptocurrency industry.
The hacker, who applied for a position at Kraken, was part of a broader campaign by North Korean cyber operatives to infiltrate technology firms and cryptocurrency exchanges. These operatives often use fake identities and credentials to gain employment, allowing them to access sensitive information and potentially exploit vulnerabilities from within. Kraken's security team, however, was able to detect the hacker's true intentions through a combination of technical analysis and behavioral indicators.
During the interview process, the hacker's responses and behavior raised red flags among Kraken's security experts. The team noticed inconsistencies in the applicant's background and technical knowledge, which prompted further investigation. Additionally, the hacker's attempts to evade certain security protocols and questions about the company's security practices were seen as suspicious. These observations led Kraken to conclude that the applicant was not who they claimed to be and was likely part of a state-sponsored cyber operation.
Kraken's Chief Security Officer, Nick Percoco, emphasized the importance of thorough vetting processes in preventing such infiltration attempts. He noted that while the company receives numerous job applications, it is crucial to conduct comprehensive background checks and technical assessments to ensure the integrity of its workforce. Percoco also highlighted the need for continuous monitoring and updating of security protocols to stay ahead of evolving threats.
The incident serves as a reminder of the sophisticated tactics employed by state-sponsored hackers and the importance of vigilance in the cryptocurrency industry. As cryptocurrency exchanges and technology firms continue to attract the attention of cyber criminals, robust security measures and thorough vetting processes are essential to protect against potential breaches. Kraken's successful identification of the North Korean hacker demonstrates the effectiveness of its security protocols and underscores the company's commitment to safeguarding its operations and clients.
International sanctions have effectively cut North Korea off from the rest of the world, and the country’s ruling Kim family dictatorship has long targeted crypto companies and users to top up the country’s coffers. It has stolen billions worth of crypto so far this year.
The applicant’s resume was linked to a GitHub profile containing an email address exposed in a past data breach, and the exchange said the candidate’s primary form of ID “appeared to be altered, likely using details stolen in an identity theft case two years prior.”
During final interviews, Kraken chief security officer Nick Percoco conducted trap identity verification tests that the candidate failed, confirming the deception. North Korean-linked hackers also stole more than $650 million through multiple crypto heists during 2024, while deploying IT workers to infiltrate blockchain and crypto companies as insider threats. In April, a subgroup of Lazarus was found to have set up three shell companies, with two in the US, to deliver malware to unsuspecting users and scam crypto developers.
