Coinbase Tightens Security with US Training Requirements After North Korean Infiltration Threats

Coinbase, America’s third-largest crypto exchange, is making major changes to how it hires and trains workers.

The company now requires all new employees to complete training in person in the United States. Workers who handle sensitive systems must be US citizens and provide fingerprints.

These changes come after CEO Brian Armstrong revealed that North Korean hackers have been trying to get jobs at Coinbase to steal crypto. Armstrong shared these details during a recent podcast interview with Stripe co-founder John Collison.

The North Korean Threat Is Real

Armstrong explained that North Korea trains hundreds of new cyber workers every few months. “It feels like there’s 500 new people graduating every quarter from some kind of school they have, and that’s their whole job,” he said during the interview.

These workers don’t just hack from the outside. They apply for real jobs at crypto companies, pretending to be legitimate remote workers. Once hired, they can access internal systems and steal digital assets.

Source: @collision

The threat is massive. FBI data shows that North Korean groups have stolen over $6 billion in crypto since 2017. In February 2025, they pulled off the biggest crypto theft ever, taking $1.5 billion from Bybit exchange.

How the Infiltration Works

North Korean operatives use fake identities and stolen documents to apply for remote jobs. They often work with Americans who help them by:

• Receiving company laptops at US addresses
• Attending video interviews on behalf of the real applicants
• Setting up fake businesses to make applications look legitimate

The FBI seized 137 laptops from 21 locations across 14 states in June 2025, all connected to these fake worker schemes.

Armstrong noted that some operatives are forced to participate. “In many of these cases, it’s not the individual person’s fault. Their family is being coerced or detained if they don’t cooperate,” he explained.

Coinbase Fights Back With New Rules

The exchange is taking several steps to block these infiltration attempts:

In-Person Requirements: All new workers must travel to the US for orientation. This makes it impossible for overseas operatives to fake their location.

Citizenship Checks: Anyone with access to sensitive systems must prove US citizenship and submit to fingerprint verification.

Better Interviews: Job candidates must keep their cameras on during video calls. This helps spot AI-generated faces and people being coached off-screen.

Stronger Support Centers: Coinbase opened a new customer service facility in Charlotte, North Carolina, to reduce reliance on overseas staff.

The company learned these lessons the hard way. In May 2025, Coinbase revealed that hackers had bribed customer support workers to steal user data. The thieves offered “hundreds of thousands of dollars” to employees willing to take photos of internal documents with personal phones.

Previous Security Problems

Coinbase’s new security push comes after a major data breach affected nearly 1% of users. The breach exposed home addresses and account balances, putting customers at risk of physical attacks. The company expects to pay up to $400 million to cover damages from this incident.

The exchange has also been a top target for scammers. Coinbase was the most impersonated crypto brand in phishing attacks during 2024, appearing in 416 fake websites and emails over four years.

The Bigger Picture

Coinbase isn’t alone in facing these threats. Other crypto companies have been hit too. In June 2025, four North Korean operatives working as fake freelance developers stole $900,000 from multiple startups.

The crypto industry faces a difficult choice. Remote work helps companies hire top talent from around the world. But it also creates security gaps that nation-state hackers can exploit.

Some experts worry about the industry’s culture of allowing anonymous contributors. While this privacy has helped many legitimate developers, it also makes it harder to spot bad actors.

Microsoft found similar problems across the tech industry. The company reported that between 2020 and 2022, over 300 US companies unknowingly hired North Korean workers, including several Fortune 500 firms.

Looking Forward

Armstrong believes the threat will keep growing. North Korea sees crypto theft as a way to fund its weapons programs while avoiding international sanctions. The regime has built what amounts to hacking schools that graduate new cyber workers every few months.

Coinbase’s response shows how serious the threat has become. The company went from embracing remote work to requiring physical presence for security-sensitive roles. This represents a major shift for a tech company that previously promoted flexible work arrangements.

The changes may cost more money and limit Coinbase’s ability to hire globally. But Armstrong seems convinced the security benefits are worth it. As he put it, the company tells employees that taking bribes isn’t worth “destroying the rest of your life” by going to prison.