Kraken exchange caught a hacker red-handed when the bad actor tried to infiltrate information through a tech job interview. Based on a tip-off given by industry leaders, U.S crypto exchange Kraken stated that it foiled the North Korean hacker’s plan to exploit the exchange.
In a detailed account of how the incident unfolded, the exchange wrote, “What started as a routine hiring process for an engineering role quickly turned into an intelligence gathering operation, as our teams carefully advanced the candidate through our hiring process to learn more about their tactics at every stage of the process.”
The exchange stated that the red flags were visible from the outset, as “during their initial call with our recruiter, they joined under a different name from the one on their resume, and quickly changed it.” But it got even more suspicious when “the candidate occasionally switched between voices, indicating that they were being coached through the interview in real time.”
Kraken carried out investigation using the Open-Source Intelligence gathering (OSINT) methods. This method involves analyzing breach data, which hackers often use to identify users with weak or reused passwords. On this occasion the investigation team “discovered that one of the emails associated with the malicious candidate was part of a larger network of fake identities and aliases.”
Commenting on the incident, he Chief Security Officer (CSO) Nick Percoco, said:
“Don’t trust, verify. This core crypto principle is more relevant than ever in the digital age. State-sponsored attacks aren’t just a crypto, or U.S. corporate, issue – they’re a global threat. Any individual or business handling value is a target, and resilience starts with operationally preparing to withstand these types of attacks.
