admin 
According to the company’s blog post, a North Korea-linked hacker recently attempted to infiltrate Kraken’s internal systems by applying for a job. However, Kraken’s security and recruitment teams detected the attempt early and turned the process into an intelligence operation.
From Recruitment to Espionage Detection at Kraken
The incident began with a seemingly routine application for an engineering position. But the candidate’s behavior quickly raised red flags. In the first interview, the applicant joined under a different name than the one listed on their resume, then quickly changed it. Additionally, they occasionally used different voice tones, suggesting they were being coached in real time during the interview.
Kraken had already received warnings from industry partners that North Korean hacker groups were actively applying for jobs at crypto companies. When one of the email addresses used by the applicant matched a suspicious address from these warnings, Kraken’s Red Team (penetration testing unit) launched an investigation.
Using Open-Source Intelligence (OSINT) methods, Kraken’s team researched the applicant. They found that the email address had been leaked in a past data breach and was linked to multiple fake identities. Some of these identities had even been hired by other firms, and one of them belonged to a foreign agent listed under sanctions.
The candidate was also hiding their location using a VPN and accessing remote Mac desktops. The GitHub profile listed on their resume was tied to a previously exposed email. The identification document provided appeared to be fake and likely created using information stolen during a 2019 identity theft case.
The Hacker’s Downfall
Rather than cutting off contact, Kraken advanced the applicant through the hiring process — not to hire them, but to study their tactics. The candidate was subjected to several cybersecurity assessments and identity verification tasks. The final round? A “casual” interview with Kraken Chief Security Officer (CSO) Nick Percoco and other team members.
During this meeting, the applicant faced real-time verification questions: confirming their location, showing a government-issued ID, and even recommending some local restaurants in the city they claimed to live in. The hacker became visibly nervous and flustered, unable to answer the basic questions. It was now clear: this was not a legitimate job seeker, but a state-sponsored attacker attempting to infiltrate the company.
Kraken CSO Nick Percoco commented on the event:
Don’t trust, verify. That’s a core principle of the crypto world and even more critical in the digital age. State-sponsored attacks aren’t just an American issue — they’re a global threat. Any person or business managing value is a potential target.
You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates