Kraken Traps North Korean Hacker Who Applied for Engineering Job ‘to Learn Their Tactics’

How A North Korean Hacker Got Caught Trying To Land A Job At A Crypto Firm

It wasn’t just another job application for Kraken.

When the US-based crypto exchange began its usual hiring process for an engineering role, something felt off — and what started as routine soon became an internal counterintelligence operation.

Kraken revealed that it had been tipped off by industry contacts that North Korean hackers were actively targeting crypto companies by posing as job applicants.

So when one suspicious CV landed on their desk, the team decided not to reject it outright.

Instead, they let the process play out, using the opportunity to gather intelligence about the attacker’s methods.

What Gave The Hacker Away During The Interview Process

From the first interview, inconsistencies began to emerge.

The candidate used a different name during a video call than the one listed on his application.

The voice reportedly shifted during the conversation, raising further suspicion.

As the interviews progressed to the final round, Kraken’s recruitment and security teams laid subtle traps.

A series of live tests were designed to challenge the applicant's claimed identity — including requests for real-time location verification and recommending local restaurants in the city they claimed to live in.

Kraken described how the candidate became visibly shaken,

“At this point, the candidate unraveled. Flustered and caught off guard, they struggled with the basic verification tests and couldn’t convincingly answer real-time questions about their city of residence or country of citizenship.”

Flustered by an unexpected food recommendation question during the final interview, the North Korean candidate "Steven Smith" responded awkwardly with "Nothing special here."

Fake IDs And A Web Of Aliases

Digging deeper, Kraken’s investigators found that the email address used in the application was tied to a wider network of fake identities.

Forensic analysis of the applicant's ID revealed signs of tampering, possibly incorporating stolen personal information from victims of identity theft.

According to Kraken, the hacker wasn't acting alone.

The company stated,

“One individual had established multiple identities to apply for roles in the crypto space and beyond. Several of the names had previously been hired by multiple companies”

Adding on, there was also an alias belonging to someone already listed on international sanctions as a foreign agent.

State-Sponsored Threats Are Evolving And Walking In Through The Front Door

Nick Percoco, Kraken’s Chief Security Officer, warned this tactic is becoming a “global threat.”

In its official statement, Kraken warned that today’s cyber threats don’t always start with a breach attempt.

As Kraken described it,

“Not all attackers break in, some try to walk through the front door.”

Kraken noted that while AI is helping threat actors create more convincing identities, human-led verification processes still work.

Simple human interaction, like varying location-based requests or facial ID checks during live calls, can still reveal the truth and helps avoid predictable verification patterns.

Crypto Firms Face Ongoing Risks From North Korean Cyber Campaigns

This latest incident adds to the growing concern over North Korea’s involvement in crypto-related cybercrime.

Research by Google’s Threat Intelligence Group has shown that North Korean IT workers are actively seeking jobs at companies in the US and Europe — generating revenue for the regime through legitimate salaries and, in some cases, by blackmailing employers.

TechCrunch previously reported that state-backed North Korean groups were behind over $650 million in crypto theft during 2024 alone.

In February, Arkham Intelligence linked the Lazarus Group to the massive Bybit hack, which saw over $1.5 billion stolen — marking it as the largest crypto heist to date.

Kraken’s approach may have prevented another breach — not with firewalls, but by turning the hiring process into a trap.