A North Korea Agent applied for a job at a popular Crypt Sign

The Kraken Contracting Team, a US -based crypt exchange, immediately realized that something was out of “Steven Smith”, a computer worker who would be the one who would be who would applied For a software engineering job in early October. But it wasn’t until they compared Smith’s email with a list of suspects who were part of a group of hackers who confirmed their suspicions: Smith was an operation in North Korea.

Kraken could have finished launching the request. Instead, Kraken’s Security manager Nick Percoco decided to take a look at Steven Smith more. Saw this as an opportunity to find out more about infiltration tactics of North Korea, which has stolen billions of Crypt companies and how to prevent this from happening in Kraken.

Percoco decided to advance Smith through the recruitment process, doing it with a recruiter and performing a technical test before creating an interview. “We said this will be a knowledge, a cultural interview.” Said percoco Fortune. “It’s where he really failed. I don’t think he really answered any questions we asked.”

Smith claimed to have received a Baccalaureate Title in Computer Science from New York University, according to a copy of his revised curriculum by Fortune. He also claimed to have more than 11 years of experience as a software engineer in United States -based companies such as Cisco and kindly human.

The interview was scheduled for Halloween, a North -American classic party, especially for New York University students, of which Smith seemed to know nothing.

“Watch out for tonight for some people to sound the timbre, children with trading,” said Percoco, in reference to the tradition of tricks or treatment. “What do you do when these people appear?”

Smith spoiled and shook his head. “Nothing special,” he said.

Smith also could not answer simple questions about Houston, the city in which he allegedly lived for two years. Despite listening to “food” as an interest in his resume, Smith could not present a direct response when asked about his favorite restaurant in the Houston area. He looked around for a few seconds before murmuring, “nothing special here.”

Here is the interview clip where Smith was asked about his favorite restaurant.

When he was asked to produce a physical identifier, Smith said he did not have access to one for the moment, but after a few minutes he shared a photo of the driver’s license with his name and photo. The address appeared in the ID was more than 300 kilometers from Houston.

Smith’s work request is part of a growing threat to North -American companies, as thousands of supposed computer workers with links with North Korea try to hire remote work in foreign countries. The Network of Operators is part of an effort to finance the country’s mass destruction weapons program working multiple work at the same time and accessing companies to steal money inside.

A growing threat

Kraken may have dodged a bullet, but some companies have not been so lucky. The United Nations estimates That North Korea has generated between $ 250 and $ 600 million a year, deceiving companies abroad to hire their spies. A North Network -Coreans, known as the famous Chollima, was behind 304 individual incidents last year, the cybersecurity company crowd informedPredict that campaigns will continue to grow in 2025.

Crypto has proven to be especially vulnerable to this type of social engineering. The Lazarus group, another North Koreans network, has been related to some of the largest crypto in history, including record record Hack of $ 1.5 billion by Crypto Exchange Bybit in February and theft of $ 540 million from the Ronin Network Blockchain in 2022.

Although Percem does not know exactly what Smith’s intentions were, he assumes that the operator intended to steal funds at some point. “They would get the company team, they would get access to some internal systems,” said Percoco. “What they would do after that, we don’t know, but they are very likely to try to steal funds.”

This story originally presented to Fortune.com