North Korean Hackers Target Kraken With Fake Job Applications
Kraken, a prominent US-based cryptocurrency exchange, recently revealed an incident where a North Korean hacker attempted to infiltrate the company by applying for a job. The process, which began as a routine hiring procedure for an engineering position, quickly escalated into an intelligence-gathering operation for Kraken's security team.
The applicant's suspicious behavior became apparent early in the interview process. They joined the interview under a different name than the one used in their application and occasionally switched voices, suggesting they were being guided through the interview. Instead of immediately rejecting the applicant, Kraken decided to advance them through the hiring process to gather more information about the tactics being employed.
International sanctions have isolated North Korea from the global community, leading the Kim regime to target cryptocurrency companies and users to bolster the country's financial resources. North Korea has already stolen billions worth of cryptocurrency this year alone. Kraken was alerted by industry partners that North Korean actors were actively applying for jobs at various cryptocurrency companies. The exchange received a list of email addresses linked to a hacker group, one of which matched the email used by the candidate applying to Kraken.
With this information, Kraken's security team uncovered a network of fake identities used by the hacker to apply to multiple companies. The applicant's resume was linked to a GitHub profile containing an email address exposed in a past data breach. The candidate's primary form of ID appeared to be altered, likely using details stolen in an identity theft case two years prior. Technical inconsistencies, such as the use of remote Mac desktops through VPNs and altered identification documents, further raised suspicions.
During the final interviews, Kraken's chief security officer, Nick Percoco, conducted trap identity-verification tests that the candidate failed, confirming the deception. Percoco emphasized the importance of the core crypto principle, "Don't trust, verify," stating that state-sponsored attacks are a global threat, not just a concern for the crypto industry or US corporations.
North Korea-affiliated hacking collective Lazarus Group was responsible for the February $1.4 billion Bybit exchange hack, the largest ever for the crypto industry. North Korean-linked hackers also stole more than $650 million through multiple crypto heists during 2024, deploying IT workers to infiltrate blockchain and crypto companies as insider threats. In April, a subgroup of Lazarus was found to have set up three shell companies, with two in the US, to deliver malware to unsuspecting users and scam crypto developers.
