Coinbase, the world’s third-largest cryptocurrency exchange, is ramping up internal security after reports that North Korean hackers are exploiting remote job applications to infiltrate crypto firms. CEO Brian Armstrong revealed that malicious IT workers have been targeting Coinbase’s remote-first policy in attempts to gain access to its sensitive systems.

To counter the threat, Armstrong confirmed new restrictions: all employees will now undergo in-person training in the United States, while workers with access to critical systems must hold U.S. citizenship and undergo fingerprinting. The move highlights the rising risks of state-backed cybercrime.

“DPRK is very interested in stealing crypto,” Armstrong said on the Cheeky Pint podcast. “It feels like there are 500 new people graduating every quarter from some kind of school, and that’s their whole job.” He added that many North Korean operatives are coerced into hacking, with families threatened if they refuse.

The warning follows a June incident where four North Korean developers infiltrated multiple crypto startups as freelancers, stealing nearly $900,000. These attacks are part of a broader surge in crypto-related cybercrime traced to North Korea.

Coinbase’s heightened caution also comes months after a damaging data breach that affected under 1% of its monthly active users but could cost the company up to $400 million in reimbursements. More concerning, industry veteran Michael Arrington warned the breach included home addresses and account balances, raising fears of physical attacks on victims.

A separate report showed Coinbase was the most impersonated U.S. crypto brand in phishing scams, used in at least 416 attacks over the past four years. Across all U.S. companies, Meta topped the list with more than 10,000 impersonation cases, followed by the IRS with nearly 9,800 scams.