How Kraken Outsmarted North Korean Hacker Posing as Job Applicant

How Kraken Outsmarted North Korean Hacker Posing as Job Applicant
Photo by Bundo Kim / Unsplash

Kraken’s security team thwarted a sophisticated infiltration attempt by a North Korean hacker posing as a job applicant. By carefully advancing the candidate through its recruitment process, Kraken identified a larger network of fake identities tied to state-sponsored cyberattacks.

Fake IDs, VPNs, and Github: Inside Kraken’s Hunt for a State-Sponsored Hacker

In a striking example of cybersecurity vigilance, crypto exchange Kraken has revealed it recently uncovered and neutralized an attempt by a North Korean hacker to infiltrate the company via its hiring process.

According to its official blog post on the event, what began as a routine engineering job application quickly raised red flags. The applicant used inconsistent names, switched voices mid-interview (suggesting live coaching), and operated through cloaked systems like colocated Macs and VPNs. Crucially, their email matched intelligence shared by industry partners about known hacker networks targeting crypto companies.

Rather than reject the candidate immediately, Kraken’s security team strategically advanced them through its recruitment pipeline. The aim? To collect intelligence. Using OSINT tools and breach data analysis, the team uncovered a network of fake identities linked to the suspect, including past work credentials and even a sanctioned foreign agent alias.

The ruse unraveled during a final interview with Kraken’s CSO, where identity verification prompts like showing ID and answering local trivia exposed the applicant as an imposter. Commenting on the event, Kraken CSO Nick Percoco, said:

State-sponsored attacks aren’t just a crypto, or U.S. corporate issue, they’re a global threat. Any individual or business handling value is a target, and resilience starts with operationally preparing to withstand these types of attacks.

Kraken’s experience highlights a growing threat in crypto: attackers now walk through the front door, not just breach the firewall. With AI aiding deception, companies must apply dynamic, real-time verification methods and foster a culture of security awareness across all departments, not just IT.

Read more