In early 2025, Kraken’s security and recruitment teams discovered that a job applicant was in fact a North Korean state-sponsored hacker linked to the Lazarus Group. Rather than immediately rejecting the suspicious candidate, the teams advanced the individual through multiple interview rounds to observe tactics and gather intelligence. During the process, Kraken identified inconsistencies in the applicant’s resume, GitHub profile, voice patterns, use of VPN-masked Mac desktops, and altered identification documents. Subtle in-interview challenges, such as requests for local recommendations, exposed the candidate’s unfamiliarity with the claimed locale and confirmed malicious intent. While no customer or corporate data was stolen, Kraken expended significant investigative resources and devoted manpower to counter-espionage efforts. The operation ultimately yielded valuable insights into North Korea’s sophisticated infiltration methods, enabling Kraken to bolster its defenses. However, the episode underscored the rising risk of state-sponsored cyber actors posing as legitimate job seekers, prompting a reevaluation of hiring protocols across the cryptocurrency industry.
Source: https://cybersecuritynews.com/north-korean-hackers-infiltrate-kraken/
"id": "sea000050625",
"linkid": "seattlekraken",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"