A North Korean-sponsored hacking group attempting a job application at cryptocurrency exchange Kraken was “outed” during the interview process, according to Chief Security Officer Nick Percoco.
Kraken’s cybersecurity team intercepted an email list associated with known threat actors and identified one candidate who had applied for an open position. While initially an anomaly, the candidate was in fact advanced to later interview stages on the platform’s recommendation.
“The resume wasn’t particularly stand-out,” explained Percoco. “But seemingly, in applying via Discord, it was automatically routed into a candidate tracking system which flagged it as a clipping from a known list.”
When brought before the hiring team, several red flags emerged. The newcomer failed a basic Zoom etiquette test by logging into a call with a different identity, which was rapidly changed once detected.
The situation became even more concerning when Percoco conducted a cultural fit interview during Halloween week. The candidate displayed fundamental misunderstandings about the public holiday. An assessment for current geographic location via Google Maps also revealed significant difficulties, taking considerable time to identify Texas on the application.
Though potentially comical under normal circumstances, Percoco highlighted that such incidents underscore a serious trend: criminal groups are actively attempting to embed human intelligence within U.S. cryptocurrency entities.
“These are sophisticated actors who understand potential vulnerabilities in standard hiring procedures,” Percoco stated. “Simply moving recruitment from traditional channels to messaging platforms like Discord introduces unforeseen security gaps.”
The case demonstrates how basic human observation can identify behavioral red flags. “If pressed,” advised Percoco, “employ geolocation verification for virtual candidates, but ultimately the most revealing test is simply asking them to execute a mundane, verifiable action while remote.”
“My typical suggestion,” he concluded, “is to request candidates order coffee at a nearby establishment – seeing the physical context provides material evidence impossible to manufacture in a remote setting.”
This incident serves as a stark reminder that while technical security barriers must be strong, robust vetting protocols and human judgment remain essential components of cybersecurity within the rapidly expanding digital asset ecosystem.
