How Kraken Exposed a Suspected North Korean Hacker Targeting Crypto

In a striking example of vigilance in the crypto industry, Kraken, a leading crypto exchange, uncovered a sophisticated attempt by a suspected North Korean operative to infiltrate its operations. The incident, reported by CBS News, involved a man identified as Steven Smith, who applied for an IT position at Kraken. His application raised red flags, leading Kraken’s security team to conduct a recorded Zoom interview that exposed inconsistencies in his identity and credentials. This discovery highlights a broader, alarming trend where North Korean cyber operatives target U.S. tech companies, exploiting remote work to steal funds and intellectual property to support Kim Jong-un’s regime.

Kraken’s security researchers, Nick Percoco and Dan Bowski, acted on intelligence shared by law enforcement, which had flagged Smith as a potential member of North Korea’s cyber army. During the interview, Smith presented a fraudulent ID and provided resume details that didn’t hold up under scrutiny. The recorded footage, later shared with CBS News, offered a rare glimpse into the deceptive tactics used by operatives to gain access to sensitive systems. The FBI has since confirmed that such schemes are part of a larger North Korean strategy to embed operatives in U.S. companies, particularly in tech and crypto, to siphon resources for the regime’s weapons programs, including its nuclear and ballistic missile initiatives.

A Growing Threat to the Tech Industry

The Kraken incident underscores a critical challenge facing the tech sector as remote work becomes more prevalent. FBI intelligence analysts have noted that North Korean operatives exploit the anonymity of virtual hiring processes to pose as legitimate candidates. These individuals often target IT roles that provide access to proprietary systems, enabling them to steal valuable data or funds. According to Dimitriel Perovich, a source cited in the CBS report, the proceeds from these operations directly fuel North Korea’s munitions industry and military programs. The scale of the problem is significant, with the FBI estimating that hundreds of operatives may already be embedded across various U.S. industries.

Complicating the issue is the role of U.S.-based facilitators who, knowingly or unknowingly, support these operations. The FBI has taken action, arresting individuals in states like Arizona and Tennessee for operating “laptop farms”—computer hubs designed to mask the true identities and locations of foreign operatives. These facilitators enable North Korean hackers to operate under the guise of U.S.-based employees, making detection even more challenging. The FBI also warns that this scheme is expanding globally, posing a growing risk to industries worldwide.

Kraken’s proactive measures, including its collaboration with law enforcement, highlight the importance of robust security protocols in countering such threats. However, the disappearance of all online traces of Steven Smith after his exposure illustrates the difficulty of tracking these operatives once they’re identified. Many are likely to resurface under new aliases, targeting other companies. This incident serves as a wake-up call for the tech industry to strengthen hiring processes, enhance cybersecurity measures, and foster closer partnerships with government agencies to combat state-sponsored cyber threats.