Coinbase Hackers: Infiltrations, Drastic Measures, and On-Site Control

Last update: 25/08/2025

  • Coinbase detects infiltration attempts by North Korean workers taking advantage of remote work.
  • New requirements: in-person orientation in the U.S., U.S. citizenship, and fingerprints to access sensitive systems.
  • FBI warns of facilitators spoofing interviews and forwarding laptops; Coinbase opens center in Charlotte, North Carolina.
  • A wallet labeled as "Coinbase hacker" moved millions; analysts estimate user losses due to social scams exceeding 300 million.

Coinbase has made a remarkable turnaround in its "remote-first" culture after identifying North Korean hackers who were seeking to enter as fake candidates and gain access to internal systems. The company has moved to close loopholes in its processes and strengthen end-to-end identity verification.

According to its CEO, Brian Armstrong, there is a constant flow of applicants with highly qualified technical profiles who try to take advantage of the distance of remote work. Security pressure has forced a rethinking of procedures: more controls, more physical presence and a smaller exposure surface.

How they tried to break into Coinbase

Infiltration and impersonation in interviews

The company and law enforcement have detected a pattern: candidates operating under false identities, supported by facilitators in the United States and other countries, who go so far as to attend interviews in their place, set up shell companies and even forward corporate laptops to bypass access filters. Armstrong reports "hundreds" of new attempts every quarter, a number that continues to grow.


The FBI has warned of networks that operate with people "aware or unaware" of the plot, which complicates detection. Impersonation in interviews has become more sophisticated with video tools and remote coaching, raising the bar that hiring teams have to apply.

The internal security turn


For roles with contact with critical data or systems, only US citizens may have access, and they must submit to fingerprinting and other on-site checks. In addition, all new hires undergo an on-site orientation in the United States before beginning work.

Interviews now require the camera to be on in order to confirm identity and detect signs of impersonation, external coaching, or the use of AI and deepfakes. Coinbase has also tightened its work environments: hardened facilities, equipment such as Chromebooks configured to minimize risks, and segmented, limited access.

The company has established a zero-tolerance policy for risky internal behavior. Armstrong has been blunt in describing the consequences: whoever breaks the rules ends up in the hands of justice. The message is intended to deter both insiders and employees tempted by bribes.


Bribery and insider risk

Coinbase has detected attempts to bribe customer service agents with amounts of hundreds of thousands of dollars in exchange for sensitive data, as well as cases of mobile phones brought into secure areas to photograph screens. The company claims it has strengthened controls and monitoring to prevent leaks and document any evidence of malpractice.

With the aim of concentrating critical operations in national territory and reducing risk vectors, Coinbase has boosted its support in the US and opened a facility in Charlotte, North Carolina. "Physical presence" is gaining weight as evidence in a context of increased threat sophistication.

The on-chain trail of the "Coinbase hacker"


In parallel to the infiltration attempts, blockchain analysts have followed the movements of a wallet labeled by specialized firms as "Coinbase hacker". This wallet reportedly converted DAI to USDC, bridged funds to Solana and acquired around 38.126 SOL at about 209 dollars per unit, using capital of alleged illicit origin.

This same wallet had already stood out for significant operations with Ether: sales of tens of thousands of ETH and one-off purchases on specific dates, movements that analysts attribute to strategies to hide and diversify funds. On-chain researchers estimate that Coinbase users have lost more than 300 million in social engineering scams linked to this type of campaign.


What it means for candidates and employees

Under the new processes, the company maintains on-camera interviews to prove identity and rule out coaching, requires face-to-face orientation in the US and sets higher verification thresholds for sensitive functions. The trend is for proof of physical presence to gain relevance in the era of AI and deepfakes.

For staff who are already operational, the priority is to reduce access privileges, strengthen monitoring and work within closed environments. The balance between work flexibility and tighter controls is being reconfigured with a clear mission: protect assets, data and users themselves from persistent and increasingly creative threats.

The situation leaves a clear reading: hackers keep pushing, and Coinbase has opted to sacrifice part of its remote model to raise the bar on security. With more in-person verification, tough internal measures, and on-chain tracking of suspicious funds, the company is trying to contain a risk that shifts, mutates, and demands adaptive defenses and risk management.
