A North Korean agent applied for a job at a popular crypto company: they tripped him over a simple question about Halloween
The hiring team at Kraken, a US-based crypto exchange, quickly realized something was off about “Steven Smith.” Applied For software engineering work in early October. But their suspicions were confirmed, until Smith’s email was a North Korean operative, comparing it to a list of people suspected of being part of a hacker group.
Kraken may have just thrown the application. Instead, Kraken’s Chief Security Officer Nick Percoco decided to take a closer look at Stephen Smith. He saw this as an opportunity to learn more about the penetration tactics of North Korea has taken billions Crypto companies, and how he can prevent that from happening in Kraken.
Percoco decided to move Smith forward through the recruitment process, talk to recruiters and conduct technical tests before setting up an interview. “We said this would make you know some kind of cultural interview,” Percoco said. luck. “That’s where he really failed. I don’t think he actually answered the questions we asked him.”
Smith claimed to have a bachelor’s degree in computer science from New York University. luck. He also claimed to have over 11 years of experience as a software engineer at US-based companies such as Cisco and the kind Human.
The interview was scheduled for Halloween, a classic American holiday, especially for New York university students.
“Some people are ringing your doorbells tonight, so there may be kids with chainsaws,” Percoco said, referring to the trick and treatment tradition. “What do you do when those people appear?”
Smith shrugged and shook his head. “There’s nothing special,” he said.
Smith also failed to answer a brief question about Houston, the town he appears to have lived in for two years. Despite listing “food” as an interest in his resume, Smith couldn’t come up with a straightforward answer when asked about his favorite restaurant in the Houston area. He looked around for a few seconds before muttering.
Here is a clip from an interview where Smith was asked about his favourite restaurant.
When asked to create a physical ID, Smith said he had no access to it at this time, but had shared a photo of his driver’s license with his name and photo a few minutes later. The addresses listed in the ID were over 300 miles from Houston.
Smith’s recruitment application is part of the growing threat facing American companies as thousands of IT workers with ties to North Korea seek to be hired remotely abroad in foreign countries. The network of operatives is part of an effort to fund the country’s weapons of mass destruction programme by working multiple jobs at once and allowing businesses to access to steal money from within.
The growing threat
Kraken may have dodged the bullet, but some companies weren’t that lucky. united nations estimate North Korea has generated between $250 million and $600 million a year by tricking foreign companies and hiring spies. North Korea’s network, known as the famous Cholima, was behind 304 personal incidents last year, cybersecurity company Crowdstrike It has been reportedpredicts that the campaign will continue to grow in 2025.
Crypto has proven to be particularly vulnerable to this type of social engineering. Another North Korean network, the Lazaro Group, is linked to some of the biggest code robbers in history, including record-breaking $1.5 billion hack February’s Crypto Exchange Bibit and $540 million theft Ronin Network Blockchain for 2022.
Percoco doesn’t know exactly what Smith’s intentions are, but he assumes an operative who is meant to steal the funds at some point. “They’ll get our company’s equipment and have access to some of the internal systems,” Percoco said. “We don’t know what they’ll do after that, but we’ll probably try to steal the funds.”
This story was originally introduced Fortune.com