Kraken Discovers North Korean Hacker Attempting Infiltration as US FinCEN Proposes Ban on Huione Group

• Kraken uncovered a North Korean hacker posing as a job candidate, advancing through hiring to gather intel on infiltration tactics.

• The hacker used fake identities and suspicious technical setups, revealing ties to state-sponsored cybercrime.

• The US Financial Crimes Enforcement Network proposed a ban on Huione Group for facilitating North Korean cybercriminals in laundering illicit funds.

Kraken’s discovery of a North Korean hacker during recruitment raises significant concerns about cybersecurity in the crypto industry.

How a North Korean Hacker Tried to Infiltrate Kraken

Kraken detailed the incident in a recent blog post on May 1. The hacker applied for an engineering role at the exchange, initially appearing as a legitimate candidate, allegedly named Steven Smith. However, several red flags emerged during the hiring process.

“What started as a routine hiring process for an engineering role quickly turned into an intelligence gathering operation,” Kraken noted. This systematic approach allowed teams to learn more about the hacker’s tactics at every stage.

The candidate used various names during interviews and seemed to switch voices, suggesting coaching. Their application was linked to email addresses associated with North Korean hackers.

Additionally, an Open-Source Intelligence (OSINT) investigation revealed the candidate’s ties to a network of fake identities.

“This meant that our team had uncovered a hacking operation where one individual had established multiple identities to apply for roles in the crypto space and beyond,” the blog read. Evidence showed that these identities had previously been hired by numerous companies, with some flagged as foreign agents on the sanctions list.

Technical inconsistencies in their setup, like using remote, colocated Mac desktops accessed via a VPN, indicated an infiltration attempt. This information underscored that the candidate was likely a state-sponsored hacker.

In a final interview, Kraken’s Chief Security Officer, Nick Percoco, confirmed the company’s suspicions. The candidate’s inability to verify their location or answer questions regarding their citizenship revealed them as an impostor.

“Their job is to start employment to steal intellectual property, steal money from those companies, take home a paycheck, and do it in a widespread way,” Percoco elaborated during an interview with CBS.

FinCEN Proposes Ban on Huione Group Over North Korean Ties

Meanwhile, the US Financial Crimes Enforcement Network (FinCEN) has proposed banning the Cambodia-based Huione Group from the US financial system due to its suspected facilitation of North Korean cybercriminals involved in major cyber heists.

“Huione Group has established itself as the marketplace of choice for malicious cyber actors, including DPRK and criminal syndicates, who have stolen billions of dollars from everyday Americans,” stated Secretary of the Treasury Scott Bessent.

FinCEN accused Huione of laundering over $4 billion in illicit funds between August 2021 and January 2025. The department noted that Huione’s operations, including Huione Pay and Huione Crypto, serve as preferred platforms for criminals engaging in cryptocurrency-related fraud and transactions.

“Today’s proposed action will sever Huione Group’s access to correspondent banking, degrading these groups’ ability to launder their ill-gotten gains,” Bessent added, emphasizing the Treasury’s commitment to disrupting cybercriminal revenue streams.

These incidents underscore a disturbing pattern of North Korean cyberattacks targeted at the cryptocurrency sector, with hackers stealing over $659 million from crypto firms in 2024 alone.

In a joint statement from the United States, Japan, and South Korea, it was reported that North Korean hackers employed social engineering and malware tactics to infiltrate targets.

Crucially, previous reports have traced the activities of the notorious Lazarus Group to high-profile thefts at platforms such as Bybit and Upbit. Moreover, these hacker groups were implicated in the Radiant Capital hack and the DMM Bitcoin exploit.

On-chain investigator ZachXBT recently uncovered significant North Korean impact on decentralized finance (DeFi) protocols, with some protocols relying nearly entirely on transaction volumes associated with the Democratic People’s Republic of Korea (DPRK).

Conclusion

This alarming situation highlights the evolving challenges that the cryptocurrency industry faces with sophisticated cyber threats. Readers need to remain vigilant, ensuring robust security measures are crucial for any involved in the crypto space.