U.S.-based cryptocurrency exchange Kraken has shared details of how it identified a suspected North Korean hacker posing as a job applicant.
In a blog post published on May 1, Kraken described what started as a standard interview for an engineering position but quickly evolved into an internal investigation.
The exchange noticed early warning signs when the candidate used a different name than the one listed in the application and appeared to be receiving real-time guidance during the call, even switching between voices.
Instead of immediately rejecting the application, Kraken continued the interview process to gather intelligence on the methods being used.
Due to international sanctions, North Korea is largely isolated and has turned to cybercrime—particularly targeting crypto firms—to fund its regime. Reports suggest North Korean hackers have already made off with billions in digital assets in 2024.
Kraken noted that it had received a tip from industry contacts warning that North Korean-linked individuals were attempting to secure jobs within crypto firms.
“We were provided with a list of suspicious email addresses tied to known threat actors, and one of them matched the applicant’s,” Kraken stated.
The company’s security team then uncovered a network of false identities, revealing that the same individual had applied to multiple companies using different names.
Other red flags included the use of VPNs to access remote Mac machines, inconsistencies in documentation, and a resume tied to a GitHub account with a compromised email address from a prior data breach. Kraken also found the candidate’s main ID appeared to have been tampered with, possibly using information from an identity theft case two years ago.
Kraken CSO @c7five recently spoke to @CBSNews about how a North Korean operative unsuccessfully attempted to get a job at Kraken.
Don’t trust. Verify 👇 pic.twitter.com/1vVo3perH2
— Kraken Exchange (@krakenfx) May 1, 2025
During the final stage, Chief Security Officer Nick Percoco ran targeted identity tests, which the applicant failed—confirming the deception.
“Trust should never be assumed — it must be verified,” said Percoco. “Nation-state cyber threats are not limited to crypto; they’re a broader global issue.”
Lazarus Group Behind Massive Crypto Heists
The Lazarus Group, a hacker organization linked to North Korea, was behind the $1.4 billion theft from the Bybit exchange in February—marking the biggest crypto hack to date.
So far in 2024, North Korean attackers have stolen over $650 million through various crypto exploits and have attempted to infiltrate companies by posing as legitimate IT workers, according to a joint alert from the U.S., Japan, and South Korea.
In another discovery from April, one Lazarus subgroup reportedly established three fake businesses—two of them in the U.S.—to spread malware and scam developers in the crypto space.