Suspected North Korean Hacker Caught Applying at Kraken

A job application at Kraken led to an unexpected confrontation with a suspected North Korean agent posing under a fake identity. The incident, first reported by CBS News, has highlighted the ongoing risk of infiltration in the crypto sector.

Good to know

• The United Nations estimates that North Korea earns up to $600 million a year by planting agents in foreign companies.
• Kraken used the opportunity to gather intelligence rather than simply reject the application.
• Fake resumes and altered identification are common tactics used in cyber infiltration schemes.

Kraken’s security team received an application for an IT role from someone using the name “Steven Smith.” The applicant listed a background in computer science from New York University and claimed more than ten years of experience at U.S.-based companies like Cisco and Kindly Human. However, the application quickly raised red flags.

Instead of turning the applicant away, Kraken’s Chief Security Officer Nick Percoco decided to move forward with the interview process. His team suspected that the candidate was tied to North Korea and could be part of a broader effort to steal funds and data.

ID card raises more questions

During the interview, the man claimed to be from Houston, Texas. When asked to show identification, he sent a screenshot of a driver’s license that showed a different spelling of the name – “Stephen Smith” – and an address that was about 300 miles from the one he initially claimed.

Percoco explained the reasoning behind continuing the interaction, saying, “We like to look the attackers right in the eyes. Some people might call it trolling as well. We call it security research.” He added that such individuals often aim to steal intellectual property, company funds, and even draw salaries, all while serving North Korea’s goals.

The United Nations has warned about these operations for years. North Korean hackers often disguise themselves and apply for remote roles in sectors like finance and tech, particularly targeting crypto companies. The aim is not just theft, but also access to systems and networks that can be exploited for further cyberattacks.

In this case, the applicant had already landed on a “Do Not Hire” list used to track flagged individuals attempting to gain employment under false pretenses.

You can find more on the matter in the below video: