Coinbase, the third-largest cryptocurrency exchange globally by volume, is facing a surge of threats from North Korean hackers looking for remote job opportunities with the company.
North Korean IT professionals are increasingly exploiting Coinbase’s remote work policies to gain access to its sensitive systems.
In response, Coinbase CEO Brian Armstrong is re-evaluating the exchange’s internal security protocols, including mandating in-person training in the US for all employees. Additionally, those with access to sensitive information will need to be US citizens and undergo fingerprinting.
“DPRK is very interested in stealing crypto,” Armstrong mentioned during a Thursday episode of the Cheeky Pint podcast with host John Collins. “We can collaborate with law enforcement […] but it feels like there’s 500 new people graduating every quarter from some kind of school they have, and that’s their whole job.”
He also noted that some individuals are coerced into working for the regime. “In many of these cases, it’s not the individual person’s fault. Their family is being coerced or detained if they don’t cooperate,” Armstrong stated.
Armstrong’s remarks come as North Korean cyber activity begins to rise beyond Coinbase.
In June, four North Korean operatives managed to infiltrate multiple crypto companies as freelance developers, collectively stealing about $900,000 from these startups, according to Cointelegraph.
Related: Bitcoin ETFs are next major target for North Korean hackers — Cyvers
Coinbase data breach might endanger users
The new measures from Armstrong arrive three months after Coinbase confirmed that fewer than 1% of its monthly active users were impacted by a data breach, which could cost the exchange up to $400 million in reimbursement, as reported by Cointelegraph on May 15.
However, according to Michael Arrington, founder of TechCrunch and Arrington Capital, the “human cost” of this breach may be significantly higher for users, especially since it included home addresses and account balances, raising the risk of physical attacks.
Related: Hoskinson promises audit, is ‘deeply hurt’ by $600M Cardano treasury claims
Among all US crypto firms, Coinbase was the most impersonated brand in phishing attacks in 2024, reportedly appearing in 416 phishing scams over the previous four years, according to a Mailsuite report shared with Cointelegraph.
In terms of all US brands, Meta, Facebook’s parent company, was the most frequently impersonated brand by scammers, being reported in at least 10,457 scams over the past four years.
The US Internal Revenue Service ranked second, having been impersonated in at least 9,762 incidents.
Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why
