Kraken Flags Suspected North Korean Job Applicant Attempting to Infiltrate Exchange

A routine job interview at crypto exchange Kraken turned into a covert investigation after a job candidate raised suspicions of being a North Korean operative.

Rather than end the process, Kraken opted to continue the interviews to gather insight into the tactics being used.  

What began as a standard hiring process for a remote engineering role escalated into what Kraken described as an “intelligence-gathering operation,” the company said in a blog post published Thursday.

North Korea’s efforts to infiltrate crypto and tech companies have grown more aggressive in recent years. The regime sees the industry as a lucrative target.

By embedding operatives inside firms, the regime gains access to sensitive data and can deploy ransomware or malicious code. Remote work and global hiring practices have only made such operations easier to conceal. They have also been accused of creating fake U.S. crypto firms to target devs. 

Red flags

For Kraken, red flags emerged immediately. The candidate joined an initial video call using a name that did not match the one on their CV and changed it during the conversation. The individual also appeared to switch between different voices, indicating possible real-time coaching.

Kraken noted it had already received intelligence from partners about North Korean operatives applying for jobs at crypto companies. One email used by the candidate matched addresses flagged by industry sources.

An internal investigation tied the email to a larger network of aliases, some of which had already secured employment at other firms. One identity was linked to a sanctioned foreign agent. 

The GitHub profile listed on the resume was associated with an email exposed in a prior data breach. The ID submitted during the process appeared to be falsified and may have used stolen information from a previous identity theft case.

The applicant used a colocated remote Mac desktop accessed via VPN to obscure their location. 

During the final interview with Nick Percoco, Kraken’s Chief Security Officer, and other team members, Kraken introduced spontaneous verification requests, such as showing a government ID, verifying their city of residence, and naming local restaurants. 

“At this point, the candidate unraveled. Flustered and caught off guard, they struggled with the basic verification tests and couldn’t convincingly answer real-time questions about their city of residence or country of citizenship,” Kraken said.

Unsurprisingly, Kraken ultimately declined to proceed with the hire. 

The company said the experience underscores the need for organizations to remain vigilant against sophisticated, state-sponsored infiltration attempts.

“Don’t trust, verify. This core crypto principle is more relevant than ever in the digital age,” said Percoco. “State-sponsored attacks aren’t just a crypto or U.S. corporate issue — they’re a global threat.”

Edited by Sebastian Sinclair