Kraken Catches North Korean Hacker Posing as Job Applicant in Major Crypto Security Breach
By: coinchapter|2025/05/02 22:00:05
0
Share
Kraken, a major crypto exchange, exposed a North Korean hacker who applied for a job using a fake identity. The incident was revealed in a May 1 blog post. The person posed as an engineering candidate named Steven Smith. Kraken’s security and recruitment teams moved the candidate through the hiring process to investigate. They later confirmed that the applicant was part of a wider network tied to North Korean state-sponsored cybercrime. The person used a suspicious email connected to known North Korean hacker activity. The candidate changed their name during interviews and altered their voice several times. Kraken also detected signs of outside coaching. Fake Identities and Technical Red Flags Detected An internal Open-Source Intelligence (OSINT) investigation exposed the use of multiple fake identities by the applicant. Several of these identities had prior links to crypto firms. One of them appeared on the U.S. sanctions list. Kraken identified clear inconsistencies during the process. The applicant accessed remote Mac computers through a Virtual Private Network (VPN). They also submitted altered identification documents. These actions raised concerns about planned infiltration. During the final interview, Kraken’s Chief Security Officer Nick Percoco questioned the applicant. The hacker failed to confirm their location or citizenship. Percoco told CBS. Huione Group Accused of Aiding North Korean Crypto Crimes The Financial Crimes Enforcement Network (FinCEN) proposed banning the Huione Group from the U.S. financial system. The Cambodia-based group allegedly helped North Korean hackers move stolen funds. U.S. Treasury Secretary Scott Bessent stated, FinCEN found that Huione laundered over $4 billion between August 2021 and January 2025. Their platforms—Huione Pay, Huione Crypto, and Haowang Guarantee—were used for payment services connected to crypto crimes. The ban would block Huione from accessing U.S. correspondent banking services. Officials said this would weaken DPRK cybercrime operations and disrupt money laundering channels. DPRK Hackers Use Social Engineering and Malware to Target Crypto North Korea-linked hackers stole more than $659 million from crypto firms in 2024. The U.S., Japan, and South Korea released a joint statement confirming these incidents. The statement said that hackers used social engineering, fake job applications, and malware such as AppleJeus and TraderTraitor to access internal systems. North Korean IT workers were also identified as insider threats to private crypto companies. These workers often apply for remote roles, pretending to be citizens of other countries. Once hired, they can access sensitive data or move funds internally. North Korean Lazarus Group Tied to Major Crypto Theft Cases Moreover , the Lazarus Group, North Korea’s state-backed hacker unit, has been linked to several large attacks. These include crypto thefts from Bybit, Upbit, Radiant Capital, and DMM Bitcoin. Blockchain researcher ZachXBT found that some decentralized finance (DeFi) protocols rely heavily on transactions from North Korea. In some cases, nearly 100% of monthly traffic came from DPRK-linked wallets. Above all, Kraken’s exposure of the job applicant confirms the growing pattern of North Korean hacker groups targeting the crypto industry. The incident adds to the list of DPRK-linked cyber attacks that use employment and social engineering as entry points.
You may also like
Crypto Long & Short: With MSTR concerns assuaged, look to traditional signals around BTC
What are RWA perpetuals? Trading stocks and commodities as crypto perps
OpenAI lands GPT-5.6 approval as traders rush pre-IPO futures
What is liquidation in crypto? Margin calls, health factors, and how positions die
Venezuela entrusts taxes to 'cryptocurrency expert' - is USDT under scrutiny?
US Power Grid Issues Red Alert Amid Heatwave, Is Bitcoin Mining the Scapegoat?
Central Banks, Parliaments, and Atlantic Players at the Euro Stablecoin Table
What are tokenized stocks? How equities are moving on-chain, explained
Zcash Co-founder Wants More Than 21 Million Bitcoins
Bankers Filed Suspicious Activity Report Over Farage's £5M Gift From Tether Billionaire
Analysis: Bitcoin May Enter a Phase of Bottoming Out, Selling Does Not Trigger Panic
BNB Chain builds new Layer 1 for agentic trading, targets 2027 mainnet
Witnesses of South Korea's 'Golden Era': Foreign Capital Profits, Retail Investors Take Over
The Quality of Currency Depends on the Credibility of Its Issuer
How Cryptocurrency Payments Work in Businesses
Is the Storage Cycle Peaking? Here’s a 'Fundamental Psychological Massage' from Bank of America
Upbit operator Dunamu wins bid for South Korea police crypto custody contract
ADI's Hidden Victory: From World Cup Entry to Traditional Financial Ecosystem
Crypto Long & Short: With MSTR concerns assuaged, look to traditional signals around BTC
What are RWA perpetuals? Trading stocks and commodities as crypto perps
OpenAI lands GPT-5.6 approval as traders rush pre-IPO futures
What is liquidation in crypto? Margin calls, health factors, and how positions die
Venezuela entrusts taxes to 'cryptocurrency expert' - is USDT under scrutiny?
US Power Grid Issues Red Alert Amid Heatwave, Is Bitcoin Mining the Scapegoat?
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
