Kraken Thwarts North Korean Agent's Attempted Infiltration via Job Interview
A North Korean operative's attempt to infiltrate Kraken, a prominent cryptocurrency exchange, through a deceptive job interview has been successfully thwarted, highlighting the increasing sophistication of state-sponsored cyber-espionage tactics targeting the digital asset industry.
The incident involved an individual posing as a qualified IT professional, leveraging fabricated credentials and a falsified identity to secure a remote position within Kraken. The operative's strategy included the use of advanced social engineering techniques, such as deepfake technology and AI-generated documentation, to bypass standard hiring protocols. However, Kraken's vigilant recruitment team identified inconsistencies during the interview process, leading to the exposure of the applicant's true affiliation.
This event underscores a broader pattern of North Korean cyber operations aimed at the cryptocurrency sector. The Lazarus Group, a hacking collective linked to North Korea's Reconnaissance General Bureau, has been implicated in numerous cyberattacks resulting in substantial financial losses. Notably, the group orchestrated a $37 million theft from CoinsPaid in July 2023 by deceiving an employee into downloading malware under the guise of a job-related task.
The United Nations has reported that North Korea employs over 4,000 IT workers globally, generating approximately $600 million annually to fund its nuclear weapons program. These operatives often assume false identities and secure positions in tech firms, exploiting the remote work culture to mask their true origins.
In the United Kingdom, authorities have urged companies to conduct in-person or video interviews to mitigate the risk of hiring imposters. A recent analysis revealed that a single North Korean agent operated under 12 different personas across Europe and the U.S., infiltrating sensitive sectors including defense and government.
See also ZKsync's Airdrop Security Breach Unveils $5 Million Exploit
The FBI has also issued warnings about North Korean schemes involving fake job offers and investment opportunities designed to trick individuals into downloading malware. These social engineering attacks are characterized by their complexity and the use of sophisticated technical acumen to compromise even well-versed cybersecurity professionals.
Cybersecurity experts emphasize the need for rigorous hiring practices, including thorough background checks and identity verification, to counteract these threats. Companies are advised to be wary of applicants who avoid video interviews, request payment through unconventional means, or exhibit inconsistencies in their professional histories.
Arabian Post – Crypto News Network
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Arabian Post
21 hours ago
- Arabian Post
Bitcoin Windfall: Ulbricht Receives $31.4M in Anonymous BTC Donation
Ross Ulbricht, the founder of the Silk Road darknet marketplace, has received an anonymous donation of 300 Bitcoin, valued at approximately $31.4 million, sent to his official Bitcoin address. This substantial contribution follows his release from prison after a full pardon by former U.S. President Donald Trump in January 2025. The donation was made to the Bitcoin address listed on a website dedicated to supporting Ulbricht. The identity of the donor remains unknown, and there has been no public acknowledgment from Ulbricht or his representatives regarding the transaction. In addition to this significant donation, an auction of Ulbricht's personal belongings has reportedly raised nearly $1.3 million in Bitcoin. The auction, organized to support Ulbricht's reintegration into society, featured items such as personal writings, artwork, and other memorabilia. ADVERTISEMENT Ulbricht's financial situation has been a topic of interest since his release. Coinbase executive Conor Grogan identified approximately 430 BTC, worth around $47 million, in wallets associated with Ulbricht that had remained untouched for over 13 years. However, it remains unclear whether Ulbricht has access to the private keys required to control these funds. The cryptocurrency community has shown considerable support for Ulbricht since his release. Crypto exchange Kraken donated $111,111 in Bitcoin to assist with his transition back into society. Additionally, various fundraising efforts, including merchandise sales, have contributed to a growing fund aimed at supporting Ulbricht's post-incarceration life. Ulbricht was arrested in 2013 and later sentenced to double life imprisonment plus 40 years without the possibility of parole for his role in operating the Silk Road marketplace. The platform facilitated the trade of illegal goods and services, primarily using Bitcoin for transactions. His sentence was commuted by President Trump, who cited support from the Libertarian movement and concerns over the severity of the punishment.
Tahawul Tech
a day ago
- Tahawul Tech
Malicious packages are threatening software supply chains
Kaspersky's Global Research and Analysis Team experts reported that by the end of 2024 a total of 14,000 malicious packages were found in open-source projects, a 48% increase compared to the end of 2023. 42 million versions of open-source packages have been examined by Kaspersky throughout 2024 in search for vulnerabilities. Open-source is software with source code that anyone can inspect, modify, and enhance. Popular open-source packages include GoMod, Maven, NuGet, npm, PyPI, and others. These are tools that power countless applications and help developers easily find, install, and manage pre-built code libraries, making it simpler to build software by reusing code others have written. Attackers take advantage of the popularity of these and other packages. In March 2025, the Lazarus Group was reported to have deployed several malicious npm packages, which were downloaded multiple times before removal. These packages contained malware to steal credentials, cryptocurrency wallet data, and deploy backdoors, targeting developers' systems across Windows, macOS, and Linux. The attack leveraged GitHub repositories for added legitimacy, highlighting the group's sophisticated supply chain tactics. Kaspersky's GReAT also found other npm packages related to this attack. Malicious npm packages could have been integrated into web development, cryptocurrency platforms, and enterprise software, risking widespread data theft and financial losses. In 2024, a sophisticated backdoor was discovered in XZ Utils versions 5.6.0 and 5.6.1, a widely used compression library in Linux distributions. Inserted by a trusted contributor, the malicious code targeted SSH servers, enabling remote command execution and threatening countless systems globally. Detected before widespread exploitation due to performance anomalies, the incident highlighted the dangers of supply chain attacks. XZ Utils is integral to operating systems, cloud servers, and IoT devices, making its compromise a threat to critical infrastructure and enterprise networks. In 2024, Kaspersky's GReAT discovered that attackers uploaded malicious Python packages like chatgpt-python and chatgpt-wrapper to PyPI, mimicking legitimate tools for interacting with ChatGPT APIs. These packages, designed to steal credentials and deploy backdoors, capitalised on the popularity of AI development to trick developers into downloading them. These packages could have been used in AI development, chatbot integrations, and data analytics platforms, endangering sensitive AI workflows and user data. 'Open-source software is the backbone of many modern solutions, but its openness is being weaponised. The 50% rise in malicious packages by the end of 2024 shows attackers are actively embedding sophisticated backdoors and data stealers in popular packages, which millions rely on. Without rigorous vetting and real-time monitoring, a single compromised package can trigger a global breach. Organisations need to secure the supply chain before the next XZ Utils-level attack succeeds,' comments Dmitry Galov, Head of Research Centre for Russia and CIS at Kaspersky's Global Research and Analysis Team. To stay safe, Kaspersky recommends: Use a solution for monitoring the used open-source components in order to detect the threats that might be hidden inside. If you suspect that a threat actor may have gained access to your company's infrastructure, we recommend using the Kaspersky Compromise Assessment service to uncover any past or ongoing attacks. Verify package maintainers: check the credibility of the maintainer or organization behind the package. Look for consistent version history, documentation, and an active issue tracker. Stay informed on emerging threats: subscribe to security bulletins and advisories related to the open-source ecosystem. The earlier you know about a threat, the faster you can respond. Image Credit: Stock Image
Arabian Post
22-05-2025
- Arabian Post
Kraken Unveils 24/7 Tokenized Stock Trading for Global Clients
Cryptocurrency exchange Kraken has announced the launch of tokenized versions of over 50 U.S.-listed stocks and exchange-traded funds , including Apple, Tesla, and Nvidia, for non-U.S. customers. These digital assets, branded as 'xStocks,' will be available for trading around the clock via the Solana blockchain, enabling investors in Europe, Latin America, Africa, and Asia to access U.S. equities beyond traditional market hours. Each xStock token is backed by actual shares held by Kraken's partner, Backed Finance, ensuring that the tokens' values closely mirror their underlying securities. The tokens are redeemable for the cash equivalent of the corresponding stock or ETF, providing a seamless bridge between digital and traditional financial markets. Kraken's co-CEO, Arjun Sethi, emphasized the platform's commitment to reducing barriers for international investors. 'Overseas investors can currently buy U.S. stocks through local brokerages, but it typically involves very high fees and slow settlement times,' Sethi noted. 'There's a lot of friction.' By leveraging blockchain technology, Kraken aims to offer a more efficient and cost-effective alternative. ADVERTISEMENT The introduction of xStocks also allows for greater flexibility in asset management. Investors can store these tokenized equities in digital wallets, trade them across various crypto platforms, and even use them as collateral for crypto trading strategies. This integration of traditional assets into the crypto ecosystem reflects a growing trend toward the tokenization of financial instruments. Kraken's move follows earlier attempts by other exchanges to offer tokenized stocks. In 2021, Binance introduced similar products but discontinued them after regulatory challenges. Learning from such precedents, Kraken is actively collaborating with regulators to ensure compliance across different jurisdictions. A company spokeswoman stated that Kraken is 'actively working with various regulators' to navigate the complex international regulatory landscape. The broader financial industry has shown increasing interest in the potential of tokenization. The U.S. Securities and Exchange Commission hosted a roundtable discussion on the subject earlier this month, and major firms like BlackRock and Robinhood have expressed support for the tokenization of securities. Sethi predicts that tokenized equities could surpass stablecoins in market size, highlighting their transparency, speed, and global accessibility. Kraken's expansion into tokenized equities is part of a larger strategy to bridge traditional finance and the crypto world. The company has also launched commission-free trading for over 11,000 U.S.-listed stocks and ETFs through its Kraken Securities platform, initially available in select U.S. states with plans for broader rollout. This integrated approach allows users to manage cryptocurrencies, equities, ETFs, stablecoins, and fiat currencies within a single platform.
