- North Korean hackers tried to access Coinbase systems using fake names and remote jobs.
- Coinbase now requires U.S. onboarding; sensitive roles need citizenship and fingerprints.
- Some hackers offered staff huge bribes while using deepfakes to cheat interviews.
Coinbase is tightening internal security after North Korean hackers targeted its remote-friendly policies to gain jobs and access sensitive systems. While remote work remains, new hires must attend in-person training in the U.S., and employees handling sensitive data must be U.S. citizens and submit to fingerprinting. CEO Brian Armstrong confirmed the policy change, citing rising attempts to breach the exchange using fake identities and bribery.
Hackers Target Remote Policies to Infiltrate Crypto Systems
Speaking on Cheeky Pint, a podcast hosted by Stripe cofounder John Collison, Coinbase CEO Brian Armstrong revealed how North Korean hackers misuse remote hiring models. “They’ve tried to leverage the company’s remote work policy to gain employment and then access the crypto exchange’s sensitive systems,” Armstrong said.
He added, “It feels like there’s 500 new people graduating every quarter from some kind of school they have, that’s just their whole job.” Although Coinbase has not banned remote work, the company has adjusted onboarding to include mandatory in-person orientation in the United States. Employees working with sensitive systems must now hold U.S. citizenship and submit fingerprints as an added precaution.
These changes aim to reduce the risk posed by operatives who manipulate remote job opportunities to infiltrate firms. Armstrong confirmed that Coinbase works with law enforcement, but warned that “the threat just keeps growing.”
FBI and Cyber Experts Raise Red Flags on North Korean IT Infiltration
In a July advisory, the Federal Bureau of Investigation (FBI) warned that North Korean IT workers are using stolen identities and deepfake technology to infiltrate U.S. companies.
The agency said these operatives “target private companies to illicitly generate substantial revenue for the regime.” They often partner with both “witting and unwitting” individuals inside the U.S., who help facilitate access and operations.
Recent reports show that in June, four North Korean developers infiltrated multiple crypto startups and stole over $900,000 while posing as freelance workers.
The FBI’s bulletin mirrors Armstrong’s concerns about remote job platforms becoming entry points for state-sponsored hackers. While Coinbase had safeguards in place, it has now added more stringent requirements for high-risk roles.
Coinbase Faces Bribery Attempts and Identity Fraud
Armstrong also shared details of internal bribery attempts. Hackers have offered Coinbase staff hundreds of thousands of dollars to capture and share internal data. “We try to make it very clear that you’re destroying the rest of your life by taking this,” Armstrong said. “Even if you think it is a life-changing amount of money, it’s not worth going to jail.”
He noted that the company does not simply terminate compromised employees; it prosecutes. “When we catch people, we don’t walk them out the door. They go to jail,” he added.
Coinbase has now limited employee access to sensitive information and clearly outlined legal consequences to discourage insider threats. It also requires interviewees to keep cameras on during job interviews to block coaching or impersonation via AI tools.
Related: Coinbase Adds WLFI’s USD1 Stablecoin to Its Listing Roadmap
Coinbase Leads U.S. Crypto Firms in Brand Phishing Scams
According to a Mailsuite report, Coinbase ranked as the most impersonated U.S. crypto firm, with 416 phishing incidents reported between 2020 and 2024. The exchange’s popularity has made it a frequent target—not only for scammers attempting to steal user passwords and wallet credentials but also for fraudsters posing as fake job candidates. As these threats grow more sophisticated, Coinbase’s evolving hiring practices highlight how deeply cybersecurity is now embedded in modern workforce strategies.
