This is a segment from the Empire newsletter. To read full editions, subscribe.
Picture the iconic Spider-Man meme with the various Spider-Men pointing at each other.
Got it in your head?
Kraken said yesterday that it turned the tables on a North Korean hacker who was trying to get a job at the exchange.
I spoke to Kraken’s chief security officer, Nick Percoco, who gave me some details that are, honestly, just perfect for a Friday edition.
Percoco told me Kraken had received a list of email addresses tied to hackers. They, as one would expect, checked to see if any of those addresses would pop up around Kraken. One did. The person had applied for a job and was in a pool of candidates.
Basically, he explained, the person’s resume wasn’t standout enough for the hiring team to otherwise pay attention. But the team decided to see what would happen if they proceeded with the hacker.
According to Percoco, given some red flags, the person wouldn’t have gotten very far in the job application process. For example, when the person joined a Zoom call, it was under a different name (not the name he’d used on the application), and then he quickly changed it.
When Percoco virtually sat down with the individual for one of the cultural interviews, things got interesting. It was Halloween, so naturally, Percoco asked the individual what he was doing for Halloween. After an extensive conversation, he claims it was pretty clear the person didn’t understand the holiday.
Then, when asked to pull out his phone and show his Google map location (to verify that he was in Houston, Texas), the individual struggled with that, too, Kraken said. It took him a few minutes of pretty obvious scrolling to find Texas on his Google Maps, per Percoco.
While this story is amusing now, it pulls back the curtain on a bigger problem in crypto. These bad actors are actively trying to infiltrate US crypto companies.
Percoco warned that companies have to be more careful about who they’re hiring and how they verify them. In Kraken’s case, the individual had enough missteps that he wouldn’t have made it through the normal process. But hiring someone directly through Discord, for example, could leave a project at risk.
His advice for screening a candidate that’s raising some red flags is to have them go to a place like a local Starbucks or McDonald’s and order something. That way — on a Zoom or virtual call — you can see where they are and it gives the interviewer insight into the location. For example, a McDonald’s in Germany would have German on the packaging instead of English, he said.
Get the news in your inbox. Explore Blockworks newsletters:
- Blockworks Daily: Unpacking crypto and the markets.
- Empire: Crypto news and analysis to start your day.
- Forward Guidance: The intersection of crypto, macro and policy.
- 0xResearch: Alpha directly in your inbox.
- Lightspeed: All things Solana.
- The Drop: Apps, games, memes and more.
- Supply Shock: Bitcoin, bitcoin, bitcoin.
