Inside the War on Crypto: Coinbase CEO Details Fight Against North Korean Hackers
With each passing year, the number of cryptocurrency-related attacks orchestrated by North Korean groups continues to grow. Their methods are becoming increasingly sophisticated—ranging from large-scale breaches to infiltrating companies through planted employees. Coinbase CEO Brian Armstrong highlighted this trend, stressing that the company has been forced to adopt ever-stricter measures to safeguard its systems.
The most notorious case in recent years was the theft of approximately $1.5 billion in Ethereum from the Bybit exchange in early 2025, an operation attributed to the infamous North Korean group Lazarus. Beyond hacking and extortion, members of this organization have been actively creating fake job postings and attempting to secure positions at cryptocurrency firms, posing as ordinary specialists while channeling funds back to the DPRK.
Earlier this spring, Coinbase itself faced an attempt to bribe its overseas employees. The attackers aimed to obtain access to user data and subsequently demanded a $20 million ransom. Armstrong emphasized that countering such threats requires not only robust technical defenses but also new human resource practices.
According to Armstrong, the DPRK operates entire training centers that graduate hundreds of individuals groomed for such activities. Many are coerced into this work under duress, as their families face reprisals should they refuse to cooperate. For this reason, Coinbase has tightened its vetting procedures. All new employees are required to undergo in-person training in the United States, where the company verifies their citizenship and ensures they have family ties within the country. Additionally, interviews and work meetings are conducted exclusively with cameras on, to prevent the use of artificial intelligence or external coaching.
Particular scrutiny is placed on customer support divisions. Armstrong revealed that their staff operate under tightly controlled conditions and rely on specially secured Chromebooks. Nevertheless, North Korean intermediaries have repeatedly offered them hundreds of thousands of dollars to smuggle in personal phones and photograph screens. The Coinbase CEO underscored that those caught engaging in such actions face criminal prosecution.
In his view, the primary mission of companies is to complicate the attackers’ objectives—strengthening identity verification requirements, segmenting access to data, and demonstrating that bribery attempts carry serious consequences. Yet Armstrong stressed that the true deterrent should not rest solely on punishing isolated insiders, but on exerting pressure against the organizers themselves, ensuring that cryptocurrency services remain a formidable and unprofitable target for such groups.
