A North Korean agent applied for a job at a popular crypto firm: They tripped him up with a simple question about Halloween

Kraken’s job team, an Crypto exchange based in the United States, immediately noticed that something was outside of “Steven Smith”, a potential IT worker who applied for software engineering work in early October. But it was only when they compared Smith's emails to a list of people suspected of being part of a group of pirates that their suspicions were confirmed: Smith was a North Korean agent.

Kraken could simply have launched the application. Instead, Kraken's security director Nick Percoco decided to take a closer look at Steven Smith. He saw this as an opportunity to know more about the infiltration tactics of North Korea, which have stolen billions of crypto companies, and how it could prevent this from happening in Kraken.

Percoco decided to advance Smith throughout the job process, making him speak with a recruiter and carry out a technical test before setting up an interview. “We said it was going to be a little to know, in a way, a cultural interview.” Percoco said Fortune. “This is where he really failed. I don't think he really answered questions we asked him.”

Smith claimed to have obtained a Baccalaureate in Computer Science from New York University, according to a copy of his curriculum vitae examined by Fortune. He also said he had over 11 years of experience as a software engineer in American societies like Cisco and kindly human.

The interview was planned for Halloween, a classic American party, especially for New York students – that Smith seemed to know nothing.

“Be careful this evening because some people could ring at the door, children with chainsaws,” said Percoco, referring to the tradition of stuff or treatment. “What do you do when these people come?”

Smith shrugged and shook her head. “Nothing special,” he said.

Smith was also unable to answer simple questions about Houston, the city in which he had lived for two years. Although he listed “food” as an interest in his CV, Smith could not find a direct answer when he asked him about his favorite restaurant in the Houston region. He looked around for a few seconds before mumbling, “nothing special here”.

Here is the clip of the interview where Smith was asked about his favorite restaurant.

When he was asked to produce a physical identity document, Smith said that he did not have access to one for the moment, but after a few minutes, he shared a photo of a driving license with his name and photo. The address indicated on the identifier was more than 300 miles from Houston.

Smith’s job demand is part of an increasing threat faced with American companies, as thousands of sole IT workers with North Korea are trying to get hired for distance work in foreign countries. The network of agents is part of an effort to finance the program of weapons of mass destruction of the country by working both several jobs and by accessing businesses to steal money from the inside.

A growing threat

Kraken may have dodged a bullet, but some companies were not so lucky. The United Nations believe that North Korea has generated between $ 250 and $ 600 million per year by deceiving companies abroad to hire its spies. A network of North Koreans, known as the famous Chollima, was at the origin of 304 individual incidents last year, the cybersecurity company Crowstrike reportedpredicting that the campaigns will continue to grow in 2025.

Crypto has proven to be particularly vulnerable to this type of social engineering. The Lazare group, another North Korean network, has been linked to some of the largest crypto burglary in history, including the record hack of 1.5 billion dollars in crypto stock market in February and the flight of $ 540 million per dollars per dollars per dollars per dollars per Ronin network Blockchain in 2022.

Although Percoco does not know exactly what Smith's intentions were, he assumes that the operation intended to steal funds at a given time. “They would get our corporate equipment, they would have access to certain internal systems,” said Percoco. “What they would do after that, we don't know, but we most likely try to steal funds.”

This story was initially presented on Fortune.com