Coinbase Tightens Security After North Korean Remote-Worker Threats

Coinbase, the world’s third-largest cryptocurrency exchange in the world is stepping up its security and blocking North Korean hackers from entering into their office.

According to Coinbase, there has been an increasing number of North Korean IT workers who has been trying to apply for a remote position at the crypto firm in the attempts to infiltrate into the company. Their goal is to gain insider access to platforms and extract funds on behalf of the regime.

In response, Coinbase CEO Brian Armstrong has announced tougher hiring measures. These include mandatory in-person training in the United States, along with stricter requirements for employees who have access to critical systems—such as U.S. citizenship and fingerprint verification.

“DPRK is very interested in stealing crypto,” Armstrong said during an interview on the Cheeky Pint podcast with host John Collins. “We can collaborate with law enforcement but it feels like there’s 500 new people graduating every quarter, from some kind of school they have, and that’s their whole job.”

Armstrong also noted that many of these workers are forced to work for the regime

“In many cases, it’s not the individual’s fault. Their family is being coerced or detained if they don’t cooperate.”

Rising Wave of North Korean Cyber Activity

The heightened security measures come amid a broader surge in North Korean cyberattacks on the crypto industry. In June, four North Korean operatives infiltrated several blockchain startups as freelance developers, stealing a combined $900,000, according to Cointelegraph.

Coinbase’s latest security overhaul also follows a recent data breach. In May, the exchange confirmed that less than 1% of its monthly active users were affected. While the direct financial cost could reach up to $400 million in reimbursements, critics warn the true danger is the exposure of sensitive user data.

TechCrunch and Arrington Capital founder Michael Arrington called attention to the “human cost” of the breach, noting that leaked information included customer home addresses and account balances—raising the risk of physical attacks on crypto holders.

Coinbase Among Most Impersonated U.S. Brands

Coinbase is also a prime target for scammers. A Mailsuite report revealed that the exchange was the most impersonated U.S. crypto brand in phishing attacks throughout 2024, with its name fraudulently used in 416 phishing scams over the past four years.

When accounting for all U.S. brands, Meta was the most impersonated, appearing in at least 10,457 scams, during the past four years.

The U.S Internal Revenue Service was second on the list, having been impersonated in at least 9,762 scams.