Kraken Foils North Korean Hacker
Kraken Thwarts North Korean Hacker Infiltration Attempt
Kraken, a leading cryptocurrency exchange, recently detailed a sophisticated infiltration attempt by a North Korean hacker disguised as a job applicant. Its security and recruitment teams deliberately advanced the fake candidate through the hiring process to understand the hacker's tactics and gather intelligence.
How the Hacker Tried to Infiltrate Kraken
The hacker, using the alias "Steven Smith," applied for an engineering position. Several red flags emerged: inconsistent use of names and voices during interviews, an email address linked to known North Korean hacking groups, and inconsistencies in the candidate's technical setup (remote, colocated Mac desktops accessed via VPN with altered IDs).
A subsequent Open-Source Intelligence (OSINT) investigation revealed the candidate's involvement in a network of fake identities previously employed by multiple companies. One identity was even identified as a sanctioned foreign agent.
Kraken's Chief Security Officer, Nick Percoco, confirmed suspicions during a final interview, noting the candidate's inability to verify their location or answer basic questions about citizenship.
“Their job is to start employment to steal intellectual property, steal money from those companies, and do it in a widespread way,” Percoco stated.
This incident underscores the critical need for robust security measures within the cryptocurrency industry. Codeum offers comprehensive blockchain security solutions, including smart contract audits, KYC verification, and custom smart contract development, to help protect businesses from similar threats.
FinCEN Proposes Ban on Huione Group
Separately, the US Financial Crimes Enforcement Network (FinCEN) proposed banning the Cambodia-based Huione Group, identifying it as a key facilitator for North Korean hacker groups involved in cyber heists and "pig butchering" scams. FinCEN alleges Huione laundered over $4 billion in illicit funds.
“Huione Group has established itself as the marketplace of choice for malicious cyber actors… who have stolen billions of dollars from everyday Americans,” said Secretary of the Treasury Scott Bessent.
The Growing Threat of North Korean Cyberattacks
These incidents are part of a larger trend. In 2024, North Korean hackers stole over $659 million from crypto firms, employing tactics like social engineering and malware (e.g., TraderTraitor, AppleJeus). This includes previously reported attacks on Bybit, Upbit, Radiant Capital, and DMM Bitcoin, often attributed to the Lazarus Group.
On-chain investigator ZachXBT also uncovered significant North Korean involvement in DeFi protocols, highlighting the pervasive nature of this threat.
Codeum’s services can help mitigate these risks. Contact us to learn how we can fortify your blockchain infrastructure.