Kraken, a leading cryptocurrency exchange, thwarted an infiltration attempt by a North Korean hacker posing as a job applicant, the company revealed in an interview with CoinDesk on May 2, 2025. The incident highlights the growing threat of state-sponsored cyber espionage targeting the crypto industry, which saw over $650 million stolen by North Korean hackers in 2024.
The scheme began with a resume submitted for an engineering role at Kraken. Suspicion arose when the candidate joined a video interview using a different name than the one on the application. Kraken’s security team, using Open-Source Intelligence (OSINT) and a list of email addresses linked to North Korean hacker groups provided by industry partners, confirmed the applicant’s ties to a state-backed cyber operation. The company then engaged the candidate strategically to gather intelligence on their tactics, turning the hiring process into a counter-espionage operation.
“This incident underscores a core crypto principle: Don’t trust, verify,” said Nicholas Percoco, Kraken’s chief security officer, in a statement on the company’s blog. “In the digital age, this mindset is more critical than ever.”
The crypto sector has become a prime target for North Korean hackers, particularly the Lazarus Group, a hacking unit tied to Pyongyang’s Reconnaissance General Bureau. A Reuters report from April 2025 revealed that North Korean operatives have set up fake U.S.-based companies, such as Blocknovas LLC, to distribute malware targeting crypto developers. The FBI has identified these cyber operations as among the most significant threats facing the United States, with seized domains like Blocknovas linked to deceptive job postings.
The crypto community has praised Kraken’s vigilance. One X user commented on the topic, saying, “Props to Kraken for catching this before it escalated.” However, concerns about broader vulnerabilities persist, with another user noting the potential for North Korea to target other blockchain ecosystems like Solana.
Kraken uncovered a North Korean hacker trying to land a job at the crypto exchange. It started with a resume — and turned into a full-blown intellegence op. 🔦
.@krakenfx CSO @c7five tells @jennsanasie how they identified the threat. 👇 pic.twitter.com/3rONPlXCqt
— CoinDesk (@CoinDesk) May 2, 2025
The market response has been minimal, with Bitcoin and Ethereum prices showing no significant changes following the news. However, experts warn that such incidents could undermine trust in crypto exchanges if not addressed. One X user remarked on the unusual nature of the incident, stating, “Imagine applying for a job and accidentally triggering a national security alert.”
Looking ahead, Kraken plans to strengthen its hiring protocols and share its findings with other crypto firms to prevent similar incidents. The broader industry faces challenges as North Korean hackers become more sophisticated, which may lead to tighter regulations. Global regulators, including the U.S. Treasury and the European Union, are already exploring stricter oversight of crypto exchanges to combat illicit activities.
Kraken’s swift action has exposed a critical vulnerability in the crypto hiring process, serving as a reminder of the persistent threats facing the industry. As state-backed hackers continue to target digital assets, the sector must remain proactive to protect its infrastructure and users.