U.S.-based cryptocurrency exchange Kraken has disclosed an attempted infiltration by a suspected North Korean hacker posing as a job applicant. The incident underscores the growing sophistication of state-sponsored cyber threats targeting the crypto industry.

According to a May 1 blog post by Kraken, the applicant applied for an engineering position using a name that differed from the one presented during the interview. Additionally, the candidate's voice changed intermittently, suggesting they were being coached in real-time. Rather than terminating the process immediately, Kraken continued the interview to gather intelligence on the tactics employed.

A tip from industry partners revealed that North Korean actors were actively applying for positions at crypto companies. Kraken cross-referenced the applicant's email with a list of addresses linked to known hacker groups, confirming suspicions. Further investigation uncovered a network of fake identities used to apply to multiple firms.

Technical inconsistencies were also noted, including the use of remote Mac desktops accessed via VPNs and altered identification documents. The applicant's resume was tied to a GitHub profile containing an email exposed in a past data breach. Moreover, the primary form of ID appeared to be manipulated, likely using details from a previous identity theft case.

During the final stages of the interview, Kraken's Chief Security Officer, Nick Percoco, conducted identity verification tests, which the candidate failed, confirming the deception. Percoco emphasized the importance of vigilance, stating, "Don't trust, verify. This core crypto principle is more relevant than ever in the digital age."

This incident is part of a broader pattern of North Korean cyber activities. The Lazarus Group, a state-sponsored hacking collective, has been linked to several high-profile crypto heists, including the $1.4 billion Bybit exchange hack in February. In 2024 alone, North Korean-linked hackers stole over $650 million through various crypto-related attacks.

Furthermore, a subgroup of Lazarus has established shell companies to distribute malware and scam crypto developers, highlighting the multifaceted approach of these cyber threats.

Kraken's proactive measures in this case serve as a reminder of the persistent and evolving nature of cyber threats in the cryptocurrency sector.