- Kraken uncovers infiltration attempt: North Korean hacker tried to get a job
- Kraken chose not to reject the candidate and instead studied the attacker’s tactics
- The team used the interview process for OSINT analysis
- They also uncovered fake IDs, VPN usage, and a GitHub account linked to a leaked email
- They traced the candidate to a wider network of compromised identities
Kraken uncovered an infiltration attempt: North Korean hacker tried to get a job — but instead of rejecting the candidate, Kraken studied the attacker’s tactics in real-time, providing multiple insights valuable to the entire industry.
Kraken Evaluated a North Korean Hacker’s Infiltration Attempt
We’re seeing yet another instance of blockchain-based platforms and crypto companies being targeted in what appears to be a covert but widespread campaign by North Korean hackers.
This time, the target was Kraken, one of the top crypto platforms, which has now provided the industry with invaluable data by publicly sharing how the event unfolded. Specifically, a candidate applying for an engineering role initially joined a call under a different name than the one listed on their resume and switched between voices during the interview — indicating that they were likely being coached in real time.
The behavior raised red flags, and Kraken quickly recognized the pattern. Their Red Team was engaged and initiated an OSINT investigation. This included analyzing breach data, identity clusters, and online activity. The investigation confirmed that the individual was tied to a broader network of aliases and forged identities — one of which was directly linked to a person on international sanctions lists.
Among the technical indicators:
- the candidate used remote-colocated Mac desktops in combination with a VPN
- the GitHub profile in the resume was associated with an email found in a past data breach
- the primary form of ID appeared to be forged, likely based on identity theft from two years prior
Kraken then moved to a final round interview with Chief Security Officer Nick Percoco, designed to collect further intelligence and validate the threat. The interview was framed as a casual conversation, but it included spontaneous verification steps:
- asking the candidate to show a government-issued ID
- confirming their physical location
- asking them to name local restaurants in the city they claimed to be in
The candidate failed to respond convincingly, became evasive, and couldn’t verify basic personal details. In Kraken’s official statement, CSO Nick Percoco commented:
“Don’t trust, verify. This core crypto principle is more relevant than ever in the digital age. State-sponsored attacks aren’t just a crypto, or U.S. corporate, issue – they’re a global threat. Any individual or business handling value is a target, and resilience starts with operationally preparing to withstand these types of attacks.”
Key Insights from Kraken
- Security isn’t just an IT function — it’s an organizational responsibility
- Not all threats come from the outside — some walk in through the front door
- Generative AI makes deception easier, but real-time verification still works
- Identity checks and operational vigilance are essential layers of defense
