In a time where cyberespionage has replaced traditional spycraft, a recent case shows how a single, simple question helped expose an undercover agent. The attempted infiltration happened during a remote job interview with Kraken, a US-based cryptocurrency exchange, and what followed revealed the evolving face of global espionage.
The strange case of “Steven Smith”
A man calling himself Steven Scott Jr. Smith applied for a software engineering job at Kraken. His résumé seemed perfect, listing major companies and years of experience. But his behavior raised suspicions immediately—he hesitated on simple questions, switched names mid-call, and seemed to rely on someone feeding him answers.
The Halloween trap
The interview took place on October 31, Halloween in the United States. During casual conversation, a recruiter mentioned trick-or-treaters and closing the office early. Steven replied he wouldn’t do anything special if kids knocked on his door. That small cultural disconnect triggered alarm bells: someone living in Houston, Texas for two years should know how central Halloween is.
More red flags, more doubts
Recruiters dug deeper. When asked to recommend a restaurant in Houston, Steven—who claimed food was his passion—awkwardly said, “nothing special here.” Later, his driver’s license showed an address hundreds of kilometers from Houston. Everything pointed to a carefully constructed false identity.
The bigger picture: Espionage in the digital age
Kraken’s team continued the interview not to hire him, but to study him. The attacker was likely part of a larger North Korean operation aiming to infiltrate tech companies and fund weapons programs. This is part of a growing trend: not all attacks come from hackers—some try to walk right through the front door.