North Korean Hacker Caught Trying to Land Job at US Tech Company
Kraken, one of the world’s oldest and most well-known cryptocurrency exchanges, has exposed an attempt by a North Korean hacker to get a job at the company.
Although Kraken was immediately suspicious of the hacker, the company chose not to dismiss his application right away. Instead, executives made the strategic decision to let him progress through the entire hiring process.
This approach allowed Kraken to gather crucial intelligence on the hacker’s tactics and methods, the company explained in a blog post.
The first red flag appeared when the hacker joined a video call under a different name than the one listed on his résumé. The company also noticed that his voice unexpectedly changed during the interview.
This triggered an investigation by Kraken’s security team. Using Open-Source Intelligence (OSINT) methods, the team found that he used remote Mac desktops accessed via VPN to hide his location.
After digging deeper, Kraken’s security team found that the email address on his résumé had previously been exposed in a data breach. His ID also revealed signs of tampering, suggesting it had been altered using stolen identity information.
In the final interview of the hiring process, Kraken’s chief security officer, Nick Percoco, ran some identity verification tests.
“We said this is going to be a get-to-know-you, sort of, cultural interview,” Percoco explained. “That’s where he really failed. I don’t think he actually answered any questions that we asked him.”
During the interview, the hacker claimed to have a bachelor’s degree in computer science from New York University and 11-plus years of experience as a software engineer for US-based companies, but he didn’t seem to know anything about Halloween.
He also couldn’t answer simple questions about Houston, where he claimed to have lived, nor name a single restaurant in the area, despite listing food as an interest on his résumé.
This comes two months after Kraken’s competitor, Bybit, was hit by the largest hack in history, resulting in a loss of R$ 8.2 billion. In April, Google warned that North Korean hackers are operating globally.
“Don’t trust, verify. This core crypto principle is more relevant than ever,” Percoco said. “State-sponsored attacks aren’t just a crypto issue – they’re a global threat. Resilience starts with operationally preparing to withstand these types of attacks.”