Hiring in Crypto? Beware—Hackers Are Using Social Engineering To Get In

Key Takeaways

• Fake job applicants target crypto firms using social engineering tactics.
• A North Korean hacker almost infiltrated Kraken through a fake interview.
• Red flags include vague answers, no video, and masked identities.
• Strong hiring protects teams and the crypto space, without losing ethics.

The crypto job market keeps growing, attracting skilled workers and cyber threats. 

In May 2025, Kraken, a centralized cryptocurrency exchange, revealed that a supposed software engineer named “Steven Smith” was actually a North Korean hacker trying to infiltrate the company.

North Korean hacker groups, especially the Lazarus Group, have repeatedly targeted cryptocurrency exchanges and companies. These operations are believed to help fund North Korea’s nuclear weapons and ballistic missile programs, according to multiple reports from the United Nations, U.S. Treasury , and cybersecurity firms like Chainalysis .

Kraken’s security team, led by Chief Security Officer Nicholas Percoco, continued the interview process to understand how these threats operate. 

Percoco used casual questions about Halloween and food to uncover inconsistencies in the applicant’s story. What started as a standard hiring process became a live investigation into state-backed deception.

This article explains the social engineering tactics targeting crypto employers, the red flags in suspicious job applications, how to vet candidates in Web3, and what crypto companies can do to strengthen their hiring protocols.

What Happened at Kraken: The North Korean Job Applicant Incident

Steven Smith submitted a resume, completed tests, and scheduled interviews. But things changed during the live video calls. He used a different name when joining the call, and his voice occasionally shifted, as if someone was coaching him in real time. 

The applicant failed to provide clear answers or showed confusion, revealing gaps in cultural knowledge that usually come with living in the U.S., as the resume claimed. Further checks raised deeper concerns. 

The email address matched one used in past North Korean cyber campaigns. The GitHub activity was tied to compromised codebases. 

The applicant also accessed the interviews through remote desktops behind a VPN, masking the real location. This case is not isolated and similar tactics have been reported.

Kraken documented the whole process and shared it with media outlets to warn others in the industry, ensuring that Steven did not get the job at Kraken. 

However, as Chief Security Officer Nicholas Percoco pointed out, he almost certainly got hired by another company in the industry.

How Social Engineering Targets Crypto Recruiters and Employers

CCN reached out to Sam Wellalage, executive recruiter in blockchain and fintech at WorkInCrypto, to understand how fake job applicants have evolved in the Web3 space. He confirmed that this is not new, but the methods have changed.

“This is something I’ve been seeing for a while,” he said, explaining that the problem includes both fake job ads and fake applications. The focus here, he noted, is on the applicants, who have grown far more sophisticated since 2021.

Wellalage recalled how scams used to be easy to spot. Fake candidates often used common names like “John Matthews” and listed experience from top-tier firms. However, once asked for a video interview, they would claim a camera malfunction and refuse to show their face.

Today’s tactics go further. Some applicants mimic real professionals with cloned resumes, coached responses, and masked identities. Wellalage emphasized the importance of using live video.

“We never put someone forward unless we’ve spoken to them on video ourselves, no matter what level they’re at.” The issue, however, lies with companies and recruiters who skip this step and forward candidates without even seeing them or assessing them in depth.

Surface-level questions do not reveal the truth. Instead, Wellalage advises asking what the applicant personally did on past projects and how it impacted outcomes. “The depth and authenticity of those answers usually tell you everything you need to know.”

Red Flags in Crypto Job Applications You Shouldn’t Ignore

In Web3 hiring, scammers no longer rely on fake resumes alone; they create full identities meant to slip through basic screening. Hiring teams must recognize warning signs early in the process.

Some of the red flags are the following:

• Avoidance of video calls: Candidates who always have a “broken camera” or poor internet connection may be hiding more than technical issues.
• Unverifiable experience at top companies: Resumes that list major firms with no links, portfolio, or specifics on what they did. 
• Lack of references: Asking for references is a must for HR hiring teams.
• Coached or vague responses: Replies like “I contributed to the platform’s success” instead of clear, personal contributions.
• Voice inconsistencies or shifts: Sudden changes in tone or accent may point to real-time coaching or impersonation.
• Remote desktop or VPN usage: Masking IP addresses and locations is common among applicants trying to conceal their identity.
• Cultural knowledge gaps: Candidates should be able to demonstrate familiarity with cultural references relevant to the region they claim to be from. For example, someone claiming to be based in Japan might be expected to recognize references to local traditions or typical weather patterns during specific times of the year.
• No digital footprint: Empty GitHub repositories, inactive LinkedIn accounts, or profiles created within the last few weeks.
• Push for a fast process: Applicants who pressure recruiters to skip steps or make quick decisions often want to bypass thorough checks.
• Refusal to provide references or real work samples: Genuine candidates usually provide previous work or direct links without hesitation.

Preventative Measures: How to Vet Candidates in Web3

Hiring in Web3 involves unique risks that traditional frameworks do not fully address. Remote structures, pseudonymous applicants, and decentralized team models increase the likelihood of infiltration. 

Strengthening protocols requires balancing privacy concerns with the need for rigorous verification.

Recommended practices for reinforcing hiring frameworks include:

• Starting with video interviews: Confirms identity and reduces the risk of deepfakes or coached answers.
• Requesting detailed portfolios: Verifies experience beyond surface-level claims.
• Use live technical assessments: Evaluates thinking in real-time instead of relying on memorization.
• Asking behavioral questions tied to crypto contexts: Reveals authentic experience in the space.
• Verifying GitHub and public contributions: Confirms open-source work through commit history and activity.
• Speaking to direct managers or team leads: Getting adequate references gathers firsthand insights from credible sources.
• Reviewing social and professional profiles: Ensures consistency in identity across platforms.
• Analyzing blockchain addresses when appropriate: Validates claimed experience through on-chain activity.
• Evaluating communication throughout: Provides information about professionalism and reliability during the process.

Strengthening Hiring Protocols in the Crypto Industry

These are strategic and structural changes that make the entire hiring system more secure over time:

• Role-specific workflows: Creating repeatable, risk-aware processes for every role increases security.
• Standard video interviews: Live checks across all hiring stages and functions is always necessary.
• Facial recognition with consent: This should ensure compliance with privacy standards.
• ID verification: Applying proportionate identity checks is always a good practice.
• Using experienced external recruiters: Enforcing internal security expectations externally is necessary.
• Limited access during onboarding: Applying least-privilege principles from day one can be useful.
• Logging red flags consistently: This is a way of tracking anomalies to identify patterns over time.
• Regular training of hiring teams: Ensure that staff members are informed of emerging fraud tactics and ethical hiring practices.

Conclusion

A strong hiring process protects companies, projects, and entire organizations and it reinforces the integrity and credibility of the crypto ecosystem. But security must never override ethics.

As cases of company espionage rise across the industry, protecting internal systems from infiltration is essential.

The best defense against social engineering is a balance of structured verification, professional empathy, and respect for privacy. 

Web3 companies that invest in thoughtful hiring frameworks will be able to block insider threats and build trust with the right talent.

FAQs