Briefly,
- Kraken has identified an applicant who used a fake identity during the interview process and was suspected of coaching.
- Investigations linked the candidate to an established network of North Korean agents.
- Infiltration efforts by the state are aided through fake profiles, remote work and digital deception.
After a candidate raised the suspicion that he was a North Korean agent, a routine interview turned into an investigation.
Kraken decided to carry on with the interviews rather than stop them, in order to get a better understanding of the tactics used.
What began as a standard hiring process for a remote engineering role escalated into what Kraken described as an "intelligence-gathering operation," the company said in a You can also blog about it Post published on Thursday
North Korea You can also try The efforts to penetrate crypto and technology companies has increased in the last few years. The regime regards the industry as an Profitable target.
The regime can gain access to sensitive information and malicious code by embedding agents inside companies. These operations have been made easier to hide by remote work and hiring policies that are global. These companies have been accused of being behind the creation of terrorist organizations. Fake U.S. Crypto firms To target developers
Red Flags
Red flags were raised immediately for Kraken. The candidate entered a video chat using a different name than the CV, and then changed the name during the call. It appeared that the individual switched between voices during the conversation, which could indicate real-time training.
Kraken reported that partners had informed it about North Korean operatives who were applying to crypto companies. The candidate’s email address matched those flagged by sources in the industry.
Internal investigation connected the email to an extensive network of aliases. Some had secured jobs at other companies. A sanctioned agent was connected to one identity.
The GitHub account listed on the CV was linked to an email that had been exposed during a previous data breach. The ID provided during the application process was allegedly falsified, and could have been based on stolen data from an earlier identity theft.
In order to hide his location, the candidate used a VPN-connected remote Mac computer.
During the final interview with Nick Percoco, Kraken's Chief Security Officer, and other team members, Kraken introduced spontaneous verification requests, such as showing a government ID, verifying their city of residence, and naming local restaurants.
The candidate unraveled at this stage. “They were flustered, caught unawares and unable to answer the real-time verification questions regarding their country or city of citizenship,” Kraken stated.
Kraken has declined the job.
According to the company, the incident highlights the importance of organizations remaining vigilant against sophisticated state-sponsored intrusion attempts.
"Don’t trust, verify. This core crypto principle is more relevant than ever in the digital age," said Percoco. "State-sponsored attacks aren’t just a crypto or U.S. corporate issue — they’re a global threat."
Sebastian Sinclair is the editor
