North Korean hacker who tried to get a job at US tech company caught red-handed - here's how
A North Korean hacker who attempted to infiltrate the ranks of a US tech company has been caught red-handed.
He had applied for an engineering role at the Kraken cryptocurrency exchange, which knew he was a malicious actor from the very start.
But instead of rejecting his CV, executives allowed him to advance through the recruitment process so they could gather intelligence about his tactics.
1:22
The first red flag emerged when the hacker joined a video call using a different name to the one on his resume, with his voice occasionally switching throughout the interview.
It was also discovered that the dodgy candidate's email address was linked to a large network of fake identities and aliases used by a hacking group.
Forensic examination of his ID showed that it appeared to have been altered - and may have featured details from victims of identity theft.
Traps were also set in the final interview, when the hacker was asked to verify their location and recommend nice restaurants in the city they claimed to live in.
Kraken said this caused the candidate to unravel - and they were unable to convincingly answer simple questions because they were flustered and caught off guard.
"By the end of the interview, the truth was clear: this was not a legitimate applicant, but an imposter attempting to infiltrate our systems," the company added.
1:00
Its chief security officer Nick Percoco has warned state-sponsored attacks are a "global threat" - and while some hackers break in, others try to walk through the front door.
Although artificial intelligence is making it easier to deceive businesses, he doesn't believe this technology is foolproof, as real-time verification tests can often wrong-foot fraudsters.
Research from the Google Threat Intelligence Group suggests this is a growing problem - with North Korean IT workers gaining employment at major companies in the US and Europe.
Their salaries help generate revenue for the secretive state - and in some cases, malicious actors also extort their employers by threatening to release commercially sensitive information.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Finextra
a day ago
- Finextra
Finding Your Crypto Home: What Makes an Exchange Platform Trustworthy: By Priyanka Rao
The cryptocurrency market has evolved dramatically, with thousands of digital assets now available for trading. Yet this expansion has brought a parallel rise in fraudulent platforms designed to steal funds or personal data. Selecting a trustworthy cryptocurrency exchange website has become a critical decision for investors – one that directly impacts both portfolio security and trading success. Recent data shows that crypto scams resulted in losses exceeding $3 billion in 2024 alone, with fake exchanges accounting for a significant portion of these thefts. This guide examines the key factors that distinguish legitimate exchanges from fraudulent ones, helping you identify platforms worthy of your investment. Key Indicators of a Legitimate Cryptocurrency Exchange Legitimate exchanges demonstrate their trustworthiness through concrete factors reflecting commitment to user protection. Unlike fraudulent platforms, reputable exchanges invest in compliance, security infrastructure, and operational transparency. Established platforms like Coinbase, Kraken, and Gemini prioritize these elements, creating accountability mechanisms that protect users from potential risks. Regulatory Compliance and Licensing Regulatory compliance represents a primary indicator of exchange legitimacy. In the US, legitimate exchanges register with multiple agencies: The Securities and Exchange Commission (SEC) for securities tokens. The Commodity Futures Trading Commission (CFTC) for commodity-based cryptocurrencies. State-level money transmitter licenses. FinCEN registration as Money Services Businesses. Compliant exchanges implement robust Know Your Customer (KYC) procedures and Anti-Money Laundering (AML) protocols. Before creating an account, verify an exchange's regulatory status by checking license numbers and confirming compliance with relevant jurisdictions. Transparent Company Information and Operations Legitimate exchanges provide clear transparency about: Publicly identified leadership with verifiable backgrounds. Corporate structure and registration information. Physical headquarters address. Explanations of how funds are secured. Transparent fee structures. Published audit results. Fraudulent exchanges typically obscure leadership, provide vague company information, and avoid specifics about operations – all significant red flags when evaluating platforms. Security Features That Matter Security infrastructure represents perhaps the most critical differentiator between legitimate and fraudulent exchanges. Reputable platforms invest millions in multi-layered security systems designed to protect assets under all circumstances. Key security features to evaluate include: Two-factor authentication implementation (mandatory vs. optional). Cold storage protocols (percentage of assets kept offline). Encryption standards for data transmission and storage. Regular penetration testing with published results. Wallet security architecture (multi-signature requirements). Bug bounty programs that incentivize security researchers. Exchanges like Coinbase maintain approximately 98% of customer assets in cold storage completely disconnected from the internet, effectively protecting them from online attacks. Similarly, Gemini's security framework includes SOC 2 Type 2 compliance, demonstrating commitment to operational excellence through independent examination. Asset Protection and Insurance Beyond basic security measures, leading exchanges implement additional asset protection mechanisms: Insurance policies covering digital assets in case of theft. Segregated user accounts that separate operating capital from customer funds. Proof of reserves demonstrations that verify sufficient backing. Third-party custody arrangements with qualified custodians. Regular financial audits by established accounting firms. For example, Coinbase maintains insurance coverage for digital assets held in their hot wallets, while BitGo provides up to $250 million in insurance for qualified custody clients. These protective measures create crucial safety nets beyond standard security protocols. When evaluating an exchange, specifically ask about: The percentage of assets kept in cold storage. Insurance coverage details and limitations. How the exchange handles security breaches. Published security incident history and resolution process. Trading Features and User Experience Legitimate exchanges deliver precise, reliable trading experiences without unrealistic promises. Their platforms feature: Accurate market data from verifiable sources. Transparent order books showing actual trading activity. Reasonable fee structures clearly displayed before trading. Reliable liquidity that enables order execution at expected prices. Trading interfaces that present information accurately. Suspicious exchanges often inflate trading volumes through wash trading (creating artificial activity), promise unrealistic returns, or offer "guaranteed" profit opportunities. These tactics artificially boost visibility metrics while creating the illusion of market depth. Trade volume verification has become increasingly important in evaluating exchange legitimacy. Services like Nomics and Messari now provide "Transparent Volume" metrics that assess the credibility of reported trading volumes. Exchanges receiving high transparency ratings demonstrate commitment to honest reporting of meaningful trading activity. How to Verify an Exchange's Reputation Beyond advertised features, practical verification steps help determine an exchange's actual reliability: Check independent reviews: Platforms like Trustpilot, Reddit's r/cryptocurrency community, and specialized forums provide unfiltered user experiences. Look for patterns in complaints rather than isolated incidents. Test customer support: Contact support with questions before depositing funds. Response time and quality reveal much about operational standards. Start with small transactions: Test withdrawal processes with minimal amounts before committing significant capital. Verify trading volume legitimacy: Use tools like CoinGecko's "Trust Score" or CoinMarketCap's liquidity metrics to assess volume credibility. Check blockchain activity: For major exchanges, services like Glassnode or Chainalysis provide insights into actual on-chain movement confirming reported volumes. The cryptocurrency ecosystem continues maturing, with clear differentiation emerging between trustworthy platforms and questionable operations. By evaluating exchanges through these concrete criteria rather than marketing claims alone, investors can significantly reduce their exposure to fraudulent platforms and find genuine partners for their crypto journey.
Reuters
2 days ago
- Reuters
Circle's blockbuster IPO paves way for other crypto public listings
June 5 (Reuters) - Stablecoin issuer Circle's $1.05 billion initial public offering on Thursday could spur other large crypto players to follow suit as the industry benefits from U.S. President Donald Trump's embrace of the sector, according to experts and analysts. Circle priced its shares at $31 on Wednesday. In a sign of investor demand, they opened on the New York Stock Exchange on Thursday at $69 apiece and closed at $83.23. That trajectory is likely to encourage other crypto companies eyeing stock market debuts. Circle is the first major crypto company to go public since crypto exchange Coinbase (COIN.O), opens new tab listed on Nasdaq in 2021. Analysts have pointed to crypto exchanges Kraken and Gemini as other potential IPO candidates in the digital asset sector. Neither company immediately responded to a request for comment. 'It would not be surprising if other crypto companies follow suit," said Jacob Zuller, an analyst at Third Bridge. "Public markets have accepted that crypto is not going away." Circle issues stablecoin USDC, a cryptocurrency pegged to the U.S. dollar and designed to maintain a constant value. Crypto traders use stablecoins to move funds between tokens and proponents say they could be used to send and receive payments instantly. "We've had a deep conviction from the inception of the company that we could build a new infrastructure for money, built on the internet, that could radically reshape the utility of money," Circle CEO Jeremy Allaire said in an interview with Reuters. Circle's IPO success demonstrates that there is pent-up demand in the public markets for crypto and other financial technology companies, said Dan Dolev, senior analyst at Mizuho. "If IPOs go wild, it's a good bellwether," he said. NYSE Group President Lynn Martin went a step further, calling Circle's IPO a positive sign not just for crypto listings, but for IPOs in general. "I see the Circle IPO as a bellwether for the IPO markets this year, not just for crypto listings," she said. Fintech companies have been warmly received in recent months. Shares in retail brokerage eToro surged 34% in their Nasdaq debut in May. Digital banking startup Chime is seeking a more than $11 billion valuation when it launches next week. Investment interest in digital assets 'is coming from all corners,' said Sui Chung, CEO of crypto index provider CF Benchmarks. 'There's a plethora of high tech and blockchain-focused investment funds, and these vehicles have been starved of new issues for a long time," said Chung. After crypto exchange FTX collapsed in 2022, many institutional investors shunned the digital asset market. Crypto prices eventually recovered, and the industry got a major boost when Trump professed support on the campaign trail, pledging to be a "crypto president." In his first week in office, Trump created a cryptocurrency working group to propose digital asset regulations. In March, he hosted crypto executives at the White House. Congress is also widely expected to pass legislation this year creating a federal regulatory framework for stablecoins that experts say could pave the way for their widespread use.
Finextra
3 days ago
- Finextra
Huma joins the Global Dollar Network
Huma has officially joined the Global Dollar Network (GDN) — a coalition of leading enterprises committed to accelerating the adoption of stablecoins through aligned incentives, regulatory clarity, and global utility. 0 Launched by Paxos and powered by Global Dollar (USDG), the network includes members such as Robinhood, Kraken, Anchorage, Nuvei, and Worldpay. USDG is a US dollar-backed stablecoin issued by Paxos Digital Singapore and is compliant with the Monetary Authority of Singapore's (MAS) upcoming stablecoin regulatory framework. Available on Solana, Ethereum, and other public blockchains approved by MAS, USDG supports fast, low-cost, and secure global money movement. Significantly, USDG's preferred blockchain is Solana—chosen for its unparalleled speed, efficiency, and scalability, making it ideally suited for powering real-time financial transactions. Currently, around $3.5 to $4 billion of daily stablecoin volume already occurs on Solana, highlighting its strong adoption and capacity for supporting global-scale financial operations. A Step Forward for PayFi Stablecoins have become a foundational layer of programmable finance—central to the future of PayFi and global liquidity—powering use cases from real-time settlement to cross-border payments. The Global Dollar Network builds on this momentum with a model designed to strengthen and scale the PayFi ecosystem. • Aligned incentives: Network revenue is shared with GDN partners who mint, transact, and hold USDG. • Regulatory confidence: USDG is designed to comply with MAS's forthcoming stablecoin framework, providing the trust institutions require. • Lower barriers to participation: Enterprises can tap into stablecoin benefits without launching their own asset. • Collaborative adoption: GDN fosters industry coordination to drive real-world stablecoin use cases across finance and commerce. Erbil Karaman, Co-Founder of Huma, said 'Stablecoins are ready to power global payments and fintechs, however single issuer stablecoins fail to create the network effect needed to accelerate adoption. That's why we are so excited to be joining GDN alongside many of our existing partners and bring the PayFi movement to the masses.' Huma's PayFi network has already facilitated over $4.5 billion in payment-backed transactions, addressing a global market exceeding $30 trillion annually. Stablecoins, such as USDG, have become essential financial infrastructure, processing over $35 trillion in transactions in 2024 alone, underscoring their critical role in the evolving financial landscape. Ronak Daya, Head of Product at Paxos, said 'Huma joins Global Dollar Network with a proven track record in delivering liquidity and credit solutions for global payments. Their infrastructure directly strengthens our network partners' ability to move money efficiently across borders. With significant stablecoin volume already on Solana, USDG is well positioned for adoption in remittance and money movement, an area in which Huma addresses critical challenges around liquidity and pre-funding.' Accelerating Always-On Financial Infrastructure As stablecoin adoption accelerates with regulatory clarity emerging with the GENIUS Act, Huma is positioned to capture the infrastructure opportunity ahead with this integration with Global Dollar Network.
