- During the interview, Kraken found a fake applicant using voice tricks and false names.
- The email used by the hacker matched records tied to known cybercrime and breaches.
- Tests revealed the hacker failed to confirm their location or show real ID documents.
In a stunning example of cyber defense in action, Kraken foiled an alleged infiltration attempt by a North Korean state-sponsored hacker who posed as an engineering job applicant. The exchange’s security and recruitment team made the candidate advance to the next level to uncover their methods. As the interview progressed, mismatched identities, voice inconsistencies, and altered documents posed as red flags. The interview enabled Kraken to highlight significant security gaps in hiring at digital currency firms.
Red Flags Spark Deep Internal Probe
The exchange found the candidate suspicious, right when the interview commenced. In the video call, initiated by the firm, the candidate used another name, different from the one in his resume. When he was confronted over the name change, the applicant quickly rectified the mistake, raising alarm among the recruiting team.
Moreover, the candidate’s voice changed periodically during the interview, indicating possible real-time coaching by a third party, a tactic commonly used in coordinated cyber operations. According to Kraken, “The frequent shifts suggested the applicant wasn’t acting alone.”
Industry partners had previously shared warnings about state-affiliated hackers targeting jobs in crypto startups. Kraken had obtained a list of flagged email addresses associated with known North Korean hacking groups, wherein one of the email addresses matched that of the candidate, used in the interview.
Kraken’s Red Team launched a background investigation using Open-Source Intelligence (OSINT) techniques and cross-referenced the email against breach data, discovering ties to fake identities used in prior attacks.
Technical Traps and OSINT Confirm Threat
Subsequent investigations also revealed that the GitHub profile of the candidate matched that of a limited email account compromised in an earlier breach. Additionally, the candidate worked on a colocated Mac desktop that was accessed via VPN, disguising its real location.
The identity card submitted was reportedly modified and linked to a known identity theft case. Despite the clues, Kraken intentionally moved the candidate to the next level to observe and expose their tactics. According to Chief Security Officer Nick Percoco, “The goal was not to recruit, but to reveal.”
The applicant was given a range of technical and identity verification tests, which include location verification, ID authentication, and cybersecurity knowledge assessments. During the final interview, Kraken added location-based questions and two-factor prompts.
Related: CEX Kraken Eyes $1B Debt Raise Before Potential IPO
Last Interview Reveals Hidden Intentions
This final round, hosted by CSO Nick Percoco and other senior staff, was held to subtly verify the applicant’s claimed location and identity. The Kraken team requested that the applicant verify their identity, provide a government document, and answer questions based on their citizenship. Every question was designed to reveal some inconsistencies, and due to pressure, the candidate faltered and failed to provide relevant answers.
With this, the interrogation ended without any ambiguity. The exchange confirmed an infiltration attempt by a nefarious contender trying to access the internal systems. Kraken stated that the candidate was not an engineer, but a state-backed threat actor using deceptive means to penetrate the infrastructure.
