Kraken Foils North Korean Infiltration Attempt
Breaking Down the Hack
Interview Reveals North Korean Spy Working at Kraken Cryptocurrency Exchange
Crypto exchanges are facing increased threats from state-sponsored actors, as demonstrated by a recent interference attempt at Kraken exchange. In a blog post published on May 1, Kraken revealed a North Korean operative who applied for an engineering role at the company. Initially, the application seemed standard, but as the hiring process progressed, the security team began to suspect foul play.
Warning Signs
The first red flags appeared during the interview process when the applicant used a name different from their application and occasionally switched between voices, indicating coaching. Rather than immediately rejecting the candidate, Kraken decided to continue the process to gather intelligence on the hacking tactics being employed.
Deception Unveiled
The discovery was facilitated by a tip from industry partners, who had warned about North Korean operatives seeking employment in the crypto industry. With this intelligence, Kraken’s security team uncovered a network of fake identities, altered documents, and evidence of digital footprints linked to previous malicious activity.
The applicant's GitHub profile contained an email address linked to a past data breach, further highlighting suspicious activity. During the final interviews, Kraken Chief Security Officer Nick Percoco conducted impromptu identity verification tests, which exposed the deception and forced the candidate to unravel under pressure.
Wider Threat Landscape
The attempted infiltration comes as cyber activity from North Korea escalates. With international sanctions in place, the regime is turning to cryptocurrency as an alternative funding source. North Korean hackers have been responsible for billions of dollars worth of cryptocurrency theft this year alone, targeting various exchanges.
The increasing sophistication of their tactics includes phishing emails, impersonating recruiters, compromising blockchain software repositories, and even using deepfake technology for interviews. These activities demonstrate the need for crypto firms to stay vigilant and implement robust security measures.
"State-sponsored attacks aren't just a crypto or US corporate issue—they're a global threat," said Percoco. The Kraken case underscores the importance of open-source intelligence and constant vigilance in recruitment processes to counter these threats.
- The North Korean operative, who applied for an engineering role at Kraken exchange, was likely using inconsistencies in their application to facilitate an infiltration attempt.
- Hackers, such as those from North Korea, are increasingly applying for roles within the cryptocurrency industry, posing a threat to finance and cybersecurity.
- As the use of cryptocurrency becomes more widespread, especially in circumstances like international sanctions, cybersecurity in the technology sector becomes notably vital to combat state-sponsored hacking attempts.
- In response to the escalating cyber activity from North Korea, it's essential for cryptocurrency firms to stay vigilant, implementing robust security measures and adopting open-source intelligence strategies in their recruitment processes.
