Coinbase prides itself on “remote-first” work, but CEO Brian Armstrong said the company was forced to make changes to thwart a foe: North Korea.
Armstrong said that North Korean IT workers have tried to leverage the company’s remote work policy to gain employment and then access to the crypto exchange’s sensitive systems. Coinbase works with law enforcement, but Armstrong said the threat just keeps growing.
“It feels like there’s 500 new people graduating every quarter from some kind of school they have — that’s just their whole job,” Armstrong told John Collison, cofounder and president of online payment provider Stripe, in an episode of Collison’s “Cheeky Pint” podcast posted on Wednesday.
Armstrong said that Coinbase is requiring all workers to come to the US for in-person orientation and that anyone with access to sensitive systems must hold US citizenship and submit to fingerprinting.
Last month, the FBI put out an updated warning about North Korean IT workers who target private companies “to illicitly generate substantial revenue for the regime.” The FBI said that the IT workers work with both “witting and unwitting” people within the US.
The FBI said US-based facilitators have reshipped company laptops, attended virtual interviews on behalf of North Korean workers, and even created front businesses.
Armstrong said that in many cases, workers themselves might be a target and are being coerced to participate. He said that Coinbase requires prospective employees to turn on their camera during interviews “to prove they’re not AI” or not being coached.
Related stories
Business Insider tells the innovative stories you want to know
Business Insider tells the innovative stories you want to know
Ultimately, Armstrong said that security risks have led Coinbase to build up US-based customer support, pointing to the company’s new facility in Charlotte, North Carolina.
“It feels like proof of physical presence is going to be become a bigger deal in a world of AI, deepfakes, just higher stakes for all this kind of cyber crime stuff where in a weird way you see certain areas where remote work goes backwards,” Collison said.
Armstrong said Coinbase has also made aggressive efforts to deter internal threats to sensitive information. In some cases, “threat actors” have offered hundreds of thousands of dollars in bribes to customer service agents to take photos of sensitive information.
Part of the way Coinbase deters this, Armstrong said, is by locking down the information employees have access to. It’s also by making it clear what the consequences will be.
“When we catch people, we don’t walk them out the door, they go to jail,” Armstrong said. “And we try to make it very clear that you’re destroying the rest of your life by taking this, even if you think, whatever, it is a life-changing amount of money, it’s not worth going to jail.”
