Coinbase, the world’s third-largest cryptocurrency exchange by volume, is seeing a new wave of threats from North Korean hackers seeking remote employment with the company.

North Korean IT workers are increasingly targeting Coinbase’s remote worker policy to gain access to its sensitive systems.

In response, Coinbase CEO Brian Armstrong is rethinking the crypto exchange’s internal security measures, including requiring all workers to receive in-person training in the US, while people with access to sensitive systems will be required to hold US citizenship and submit to fingerprinting.

“DPRK is very interested in stealing crypto,” Armstrong told Cheeky Pint podcast host John Collins in a Thursday episode. “We can collaborate with law enforcement […] but it feels like there’s 500 new people graduating every quarter, from some kind of school they have, and that’s their whole job.”

He added that some operatives are coerced into working for the regime. “In many of these cases, it’s not the individual person’s fault. Their family is being coerced or detained if they don’t cooperate,” said Armstrong.

Armstrong’s comments come amid a wave of rising North Korean cyber activity beyond Coinbase.

In June, four North Korean operatives infiltrated multiple crypto firms as freelance developers, stealing a cumulative $900,000 from these startups, Cointelegraph reported.

Related: Bitcoin ETFs are next major target for North Korean hackers — Cyvers

Coinbase data leak could put users in physical danger

Armstrong’s new measures come three months after the exchange confirmed that less than 1% of its transacting monthly users were affected by a data breach, which may cost the exchange up to $400 million in reimbursement expenses, Cointelegraph reported on May 15.

However, the “human cost” of this data breach may be much higher for users, according to Michael Arrington, the founder of TechCrunch and Arrington Capital, who highlighted that the breach included home addresses and account balances, leading to potential physical attacks.

Related: Hoskinson promises audit, is ‘deeply hurt’ by $600M Cardano treasury claims

Among all United States crypto firms, the Coinbase brand was most impersonated in phishing attacks in 2024, fraudulently used across 416 reported phishing scams in the four previous years, according to a Mailsuite report shared with Cointelegraph.

Accounting for all US brands, Facebook’s parent company, Meta, was the most impersonated brand by scammers, appearing in at least 10,457 reported scam incidents during the past four years.

The US Internal Revenue Service was the second on the list, having been impersonated in at least 9,762 scams.

Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why