Kraken's Cryptic Chase: North Korea's Job Scam Exposed
A Tale of Cryptos, Hackers, and Job Applications
North Korean Spy Identified During Cryptocurrency Exchange Job Interview Process
In the cutthroat world of cryptocurrencies, North Korean operatives have demonstrated an uncanny knack for creativity and deception. Enter the bizarre tale of a North Korean actor who tried to slip into the Kraken exchange by applying for an engineer's position.
The US-based crypto exchange, Kraken, sounded the alarm in a blog post published on May 1, revealing the thrilling cat-and-mouse game it played with a North Korean state-sponsored hacker. The story started as a run-of-the-mill hiring process, but soon turned into an intelligence-gathering operation dripping with suspense.
Unraveling the Web of Deceit
The initial red flags were easy to miss. The job applicant joined video calls under a name different from the one on their application and switched between voices, indicating they were being coached in real time. Rather than cut bait as most prospective employers would, Kraken chose to continue the process, slowly closing the net around the hacker.
The breakthrough came thanks to a tip from industry partners who had warned that North Korean operatives were on the hunt for jobs in the crypto industry. Kraken received a list of suspicious email addresses, and one matched the candidate's application email. The ensuing investigation uncovered a network of fake identities used by the hacker to apply to multiple companies in the industry.
Technical inconsistencies further gave the game away. The applicant used remote Mac desktops accessed through VPNs to hide their true location. The identification documents provided appeared to be altered, having been nicked in a past identity theft case. To top it off, the GitHub profile linked to the applicant's resume contained an email address that had been exposed in a previous data breach.
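The signals described in the two paragraphs above can be checked mechanically during applicant screening. The following is an added example, not code from Kraken or from the original article; the field names, sample applications, and watchlist entries are constructed, and the VPN and remote-desktop fields are assumed to be filled in by upstream session telemetry.

```python
from collections import defaultdict

# Constructed sample data; field names are assumptions for this example.
WATCHLIST = {"a.park@example.com"}   # addresses shared by industry partners
BREACHED = {"dev77@example.net"}     # addresses seen in earlier data breaches
APPS = [
    {"id": "A1", "applied_name": "Alex Park", "call_name": "Steven K",
     "email": "A.Park+jobs@example.com", "github_email": "dev77@example.net",
     "via_vpn": True, "remote_desktop": True},
    {"id": "A2", "applied_name": "Sam Lee", "call_name": "Sam Lee",
     "email": "sam.lee@example.org", "github_email": "dev77@example.net",
     "via_vpn": False, "remote_desktop": False},
    {"id": "A3", "applied_name": "Dana Cho", "call_name": "Dana Cho",
     "email": "dana@example.org", "github_email": "dana@example.org",
     "via_vpn": False, "remote_desktop": False},
]

def norm_email(addr):
    """Lower-case and drop any +tag so trivial variants compare equal."""
    local, _, domain = addr.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain

def screen(app, watchlist=WATCHLIST, breached=BREACHED):
    """Return the red flags from the article that apply to one application."""
    flags = []
    if norm_email(app["email"]) in watchlist:
        flags.append("email_on_partner_watchlist")
    if app["call_name"].strip().lower() != app["applied_name"].strip().lower():
        flags.append("name_mismatch_on_call")
    if app["via_vpn"] and app["remote_desktop"]:
        flags.append("remote_desktop_behind_vpn")
    if norm_email(app["github_email"]) in breached:
        flags.append("github_email_in_breach")
    return flags

def linked_identities(apps):
    """Group applications that share an email address (simple union-find)."""
    parent = {a["id"]: a["id"] for a in apps}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    first_seen = {}
    for a in apps:
        for key in {norm_email(a["email"]), norm_email(a["github_email"])}:
            owner = first_seen.setdefault(key, a["id"])
            parent[find(a["id"])] = find(owner)
    groups = defaultdict(list)
    for a in apps:
        groups[find(a["id"])].append(a["id"])
    return sorted(g for g in groups.values() if len(g) > 1)
```

A single flag is weak evidence on its own; the value comes from several flags landing on one application and from the pivot that ties separate applications to a shared address.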
The Ultimate Stumble
During final interviews, Kraken Chief Security Officer Nick Percoco threw a curveball: impromptu identity verification tests. These included asking the candidate to show government ID, prove their city of residence, and name local restaurants from their supposed location. The candidate buckled under the pressure, floundering and revealing themselves to be a phony.
The North Korean Threat: A Growing Concern
The attempted infiltration comes amidst a surge in cyber activity from North Korea. International sanctions have left the country high and dry from the global financial system, pushing the regime to target cryptos as an alternative source of funds. North Korean hackers have already stolen billions worth of cryptocurrency this year alone.
The Lazarus Group, a hacking collective with ties to North Korea, was behind the $1.4 billion Bybit exchange hack in February - the largest crypto heist in history. In April, subgroups of Lazarus were discovered to have established shell companies, including two in the US, to deliver malware and scam crypto developers.
According to a joint statement by the US, Japan, and South Korea, North Korean-linked hackers have netted over $650 million through multiple crypto heists in 2024. They've also dispatched IT workers to infiltrate blockchain and crypto companies as insider threats.
The remote work trend has made it easier for such operatives to mask their identities and locations. By embedding operatives within firms, the regime can get its hands on sensitive data and deploy ransomware or malicious code.
"Don't trust, verify," advised Percoco. "State-sponsored attacks aren't just a crypto or US corporate issue - they're a global threat."
A Lesson Learned
Kraken's investigation underscores the need for companies to maintain vigilant hiring practices, especially as state-sponsored actors become increasingly crafty in their infiltration attempts. The incident serves as a stark reminder that in the digital age, the core crypto principle - "don't trust, verify" - has never been more relevant.
- The cat-and-mouse game between Kraken and North Korean operatives involved the latter applying for an engineer's position in the cryptocurrency exchange, exhibiting signs of deception and hacking.
- The North Korean hacker, dressed in a disguise of shifting identities and voices during job interviews, was eventually caught due to technical inconsistencies and warnings from industry partners.
- North Korean hacking groups are implicated in multiple crypto heists in the digital currency market, contributing to crime and justice concerns.
- The Lazarus Group, a hacking collective tied to North Korea, has been responsible for several major crypto thefts, such as the $1.4 billion Bybit exchange hack in February, forcing the industry to enhance security measures.
- State-sponsored attacks on the crypto industry are not limited to a single region, as evidenced by North Korean hackers operating globally, targeting companies like Kraken and infiltrating them as insider threats.
- As the digital age unfolds, the fundamental principle of cryptocurrency - "don't trust, verify" - assumes increased importance, urging companies to prioritize vigilant hiring practices and cybersecurity to counteract these threats.


