• Coinbase now requires U.S. citizenship, fingerprinting, and in-person training for sensitive system access.
• FBI warns of North Korean IT operatives using U.S. facilitators to infiltrate crypto firms.
• A prior data breach exposed user addresses and balances, raising physical safety concerns.

Coinbase is overhauling its hiring and internal security rules after attempts by North Korean IT workers to infiltrate the company through its remote work policy. During a podcast with John Callison, CEO Brian Armstrong confirmed that the exchange will require stricter checks, including in-person training in the United States, as it faces rising cyber threats targeting cryptocurrency firms.

New Hiring Measures Introduced

Armstrong explained that remote workers had been exploited by North Korean operatives aiming to gain access to Coinbase’s sensitive systems. To counter this risk, the exchange now requires employees with system-level access to hold U.S. citizenship and undergo fingerprinting.

All new hires will also need to complete in-person orientation in the United States before accessing company resources. During interviews, candidates are required to keep cameras on to prevent impersonation, AI usage, or outside coaching. Armstrong said Coinbase is enforcing these measures in close coordination with law enforcement agencies.

He noted that many North Korean workers face support from the regime. Families are often threatened or detained if individuals refuse assignments. Despite this, the company has seen repeated attempts to bypass safeguards, which Armstrong described as a growing and organized challenge.

Rising Cyber Threats Against Crypto Firms

The new rules follow multiple reports of North Korean infiltration of crypto startups. In June, four operatives posing as freelance developers stole $900,000 from targeted companies.  In addition to the set rules, the FBI also issued an updated advisory warning U.S. firms that North Korean IT workers collaborate with both witting and unwitting facilitators. These include Americans who reship company laptops, join video calls on behalf of operatives, or set up front businesses.

Beyond external threats, Coinbase has also faced internal risks. Armstrong said some employees were offered hundreds of thousands of dollars in bribes to expose sensitive information. To prevent leaks, the company has tightened data access controls and emphasizes the legal consequences of violations. “When we catch people, we don’t walk them out the door, they go to jail,” Armstrong said.

Fallout From Previous Breach

Coinbase’s heightened vigilance comes months after a confirmed data breach affecting less than 1% of monthly transacting users. The incident may cost up to $400 million in reimbursement, but the risks extend beyond financial losses.

According to a May post on X by TechCrunch founder Michael Arrington warned that leaked customer data included addresses and balances, creating potential physical threats for users. Security experts view this as a reminder of the stakes surrounding data exposure in cryptocurrency markets.

According to a Mailsuite report, Coinbase was the most impersonated U.S. crypto brand in phishing attacks between 2020 and 2024, appearing in 416 cases. Only Meta and the IRS ranked higher across all U.S. companies. With growing concerns over cybercrime, Armstrong said Coinbase is expanding U.S.-based support, including a new center in Charlotte, North Carolina, to safeguard its operations.