Kraken has exposed an elaborate infiltration attempt by a suspected North Korean hacker who posed as a job applicant for an engineering role, highlighting growing concerns over state-backed cyber threats in the digital asset industry.
In a blog post, Kraken revealed how a seemingly routine recruitment process evolved into a covert intelligence operation after early warning signs raised suspicions. The candidate, who used a different name during the interview than in the original application, was observed frequently switching voices — a sign the interview was being externally guided.
Rather than dismissing the applicant outright, Kraken allowed the hiring process to proceed under close observation, aiming to gather intelligence on the tactics and strategies employed. The company’s security team later confirmed that the individual was tied to a wider network of fraudulent identities to target crypto firms — a method increasingly favoured by North Korea’s cyber units.
Kraken received a tip regarding email addresses linked to North Korean operatives, one of which matched an applicant’s. An investigation revealed the use of VPNs, fake IDs made from stolen data, and access through remote Mac desktops. Digital forensics connected the resume to a breached GitHub account. Identity verification tests confirmed the applicant’s deception, resulting in rejection and escalation of the security issue.
“Don’t trust, verify. This core crypto principle is more relevant than ever in the digital age,”
Percoco said.
“State-sponsored attacks aren’t just targeting the U.S. or crypto — they’re a global cybersecurity threat.”
According to a joint statement by the U.S., Japan, and South Korea, the regime continues to deploy IT workers and operatives globally to infiltrate blockchain and Web3 firms. In April, authorities uncovered that a Lazarus subgroup had established three shell companies — including two based in the U.S. — as part of a broader scheme to distribute malware and target crypto developers.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”