Do Son 
In June 2025, the Nasdaq-listed American cryptocurrency exchange Coinbase experienced a data breach. The incident was not the result of a direct cyberattack against Coinbase’s systems, but rather the betrayal of an Indian contractor who, after being bribed by hackers, acted as an insider.
The attackers also attempted to secure sensitive data by posing as job applicants and participating in remote interviews for Coinbase positions. However, irregularities uncovered during the background check process led Coinbase to terminate the recruitment. In the aftermath, the company began strengthening employee identity verification.
Specifically, Coinbase revised its policies by abandoning its “remote-first” model—mandating on-site work for certain roles—and introduced compulsory in-person training for sensitive positions. These requirements force employees to be physically present and verified, a measure that effectively thwarts North Korean hackers, who typically rely on falsified identities and remote work arrangements, making in-person verification impossible.
Furthermore, Coinbase imposed restrictions on critical roles, requiring applicants to hold U.S. citizenship, thereby excluding all non-citizens from applying. This additional safeguard is designed to prevent infiltration by hostile actors such as North Korean operatives.
In recent years, North Korean hacker groups have pursued a dual strategy: exploiting technical vulnerabilities to steal funds from cryptocurrency exchanges and Web3 platforms, while simultaneously using social engineering tactics and falsified credentials to gain insider access for financial theft.
Coinbase’s approach may soon inspire other exchanges to adopt similar measures. Though these policies may appear severe, from a security standpoint they significantly raise the barriers against infiltration by North Korean cyber groups.
Related Posts:
- Over 10 million Malaysian citizenship information was leaked due to SQLi bug
- Coinbase Announces Coinbase Open Source Fund
- Coinbase flaws allow a user to change Ethereum account balance
- Coinbase notifies 13,000 users that the IRS will get their data
- Social Engineering Attack: Coinbase Customer Data Stolen, 70K Users Affected
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
