The hiring team at Kraken, a U.S.-based crypto exchange, immediately sensed something was unusual about “Steven Smith,” a candidate for a software engineering position in early October. Their suspicions were confirmed when Smith’s email matched those associated with a hacker group: Smith was identified as a North Korean operative.
Instead of discarding the application, Kraken’s Chief Security Officer, Nick Percoco, chose to delve deeper into Steven Smith’s background. Percoco viewed this as an opportunity to understand North Korea’s infiltration tactics, which have resulted in billions lost for crypto companies, and to devise ways to prevent such incidents at Kraken.
Percoco advanced Smith through the hiring process, including a recruiter call and a technical test, before arranging an interview. Percoco noted that Smith struggled during the cultural interview, failing to answer questions effectively.
Smith’s resume claimed a bachelor’s degree in computer science from New York University and over 11 years of experience with U.S.-based firms like Cisco and Kindly Human. However, during an interview scheduled for Halloween, a prominent American holiday, Smith seemed unfamiliar with the tradition.
Percoco humorously referenced trick-or-treating, asking Smith what he would do if children rang his doorbell. Smith’s response was indifferent, saying “Nothing special.” Additionally, despite claiming to reside in Houston for two years, Smith could not answer simple questions about the city or name a favorite local restaurant, merely stating “nothing special here.”
When asked for physical identification, Smith initially claimed he had none but later provided a photo of a driver’s license. The address on it was over 300 miles from Houston.
Smith’s job application illustrates a growing threat to American companies, as many supposed IT workers linked to North Korea seek remote roles in foreign countries. This network aims to fund North Korea’s weapons program by securing multiple jobs and infiltrating companies to steal money.
Kraken avoided a potential breach, but others haven’t been as fortunate. The United Nations estimates North Korea earns $250 million to $600 million annually by deceiving overseas companies into hiring its agents. The “Famous Chollima” network was involved in 304 incidents last year, with cybersecurity firm CrowdStrike predicting ongoing threats in 2025.
The crypto sector is particularly vulnerable, with the Lazarus Group, another North Korean network, implicated in some of history’s largest crypto heists, including ByBit’s $1.5 billion hack in February and a $540 million theft from the Ronin Network blockchain in 2022.
Percoco speculated that Smith likely intended to steal funds after gaining access to Kraken’s internal systems. “They would get our company equipment, access some internal systems,” Percoco stated. “What they would do after that, we don’t know, but most likely try to steal funds.”
This report was featured on Fortune.com.