Coinbase Reverses Remote-First Policy After North Korean Infiltration Attempts (businessinsider.com) 34
Remote work policies designed to attract top talent are becoming security vulnerabilities as state-sponsored hackers seek employment at cryptocurrency firms. Coinbase has implemented mandatory in-person orientation and US citizenship requirements for sensitive roles after detecting North Korean IT workers attempting to infiltrate the company through remote positions.
CEO Brian Armstrong revealed on Stripe cofounder John Collison's podcast that the exchange now requires fingerprinting and live video interviews after discovering coordinated efforts involving US-based facilitators who reship laptops and attend virtual interviews on behalf of foreign operatives.
CEO Brian Armstrong revealed on Stripe cofounder John Collison's podcast that the exchange now requires fingerprinting and live video interviews after discovering coordinated efforts involving US-based facilitators who reship laptops and attend virtual interviews on behalf of foreign operatives.
Best argument against remote (Score:2)
This is the best argument I have heard against remote work. Most of said arguments are total lies and bull.
But avoiding overseas criminals makes a reasonable argument, even if a once a week in the office does the same thing.
Re: (Score:1)
By best argument do you mean "We're just too lazy to properly vet and interview our candidates"?
Re:Best argument against remote (Score:5, Insightful)
If you have a way to reliably do that without requiring some kind of face to face meeting, b you should start a company offering the service. You'll be rich.
Re: (Score:2)
Unfortunately not, as it'd be easy to replicate. Right now I'm just using what I've built to prove I'm very real when talking with recruiters.
Re: (Score:1)
That's easy. Stop hiring from Asian countries.
Re: (Score:2)
And what about that all-remote candidate who says he lives in Minnesota? Says so right here on his application.
Re:Best argument against remote (Score:4, Funny)
And the (AI generated) guy in the Zoom interview looks white enough, even if he does have nine fingers.
Re: (Score:2)
I mean, when I get hired I have to provide proof of where I live for tax purposes. HR always asks for copies of my IDs, my home address, and my phone number. I also have to provide bank information for when I want to get paid. Ya'll are acting like it's just easy to say "Yes I live in Minnesota" and that's that.
Re:Best argument against remote (Score:4, Informative)
Pretty sure there are US collaborators that are helping to facilitate these types of setups in order to get their candidates to pass.
Otherwise, there would be a lot of demonstrably lax HR departments that are letting these phony employees in.
https://edition.cnn.com/intera... [cnn.com]
"One American woman, Christina Marie Chapman, was last month sentenced to eight-and-a-half years in prison for helping these operatives land jobs at more than 300 companies, generating over $17 million for Kim’s heavily sanctioned regime.
A prolific TikToker, Chapman charted her remarkable rise in public videos from poverty to international travel, courtesy of a new job in “a computer business,” that US investigators used to build their case.
Chapman is not the only US resident to have participated in the scheme.
Recently unsealed federal indictments show other US-based facilitators played a crucial role in the operation – laundering paychecks, stealing identities and running “laptop farms” that allowed North Korean workers to appear as if they were physically present inside the country. "
Re: (Score:2)
If you're backed by the North Korean government, that is decidedly *not* that. They'll provide the best ID forgeries, phone numbers that are forwarded to where their person is, fake home address (or maybe a real home address--just not where the person actually accessing the systems lives), bank accounts that are just fronts--the works. When you have the resources of a sovereign nation backing you, even one like North Korea, it's not a problem.
Re: (Score:2)
The trick being discussed, that you're too stupid to understand, it knowing the applicant is, in fact, in, or even from, an Asian country. One could, of course, just not hire anyone with slanty eyes. If one is willing to go out of business from the discrimination lawsuits that will inevitably (and rightly) result. You'd probably be OK with that, though. It's not like the Yellow Terror are human, after all.
Re: (Score:2)
Re: (Score:2)
You would make a terrible federal white suprem....ICE agent.
Yes, I would. So would you.
Re: (Score:2)
The trick being discussed, that you're too stupid to understand, it knowing the applicant is, in fact, in, or even from, an Asian country.
HR literally has to vet new hires for various legal reasons. One being for tax purposes. The other is verifying that you can indeed legally work in the US. Don't tell me that these people are that sophisticated that they have a fool proof scam going on that easily evades those verification steps. Hackers and scammers succeed because most companies are just plain lazy.
Re: (Score:2)
Identity theft is appallingly easy, and common. As is evidence by the regular news stories about it happening.
Remember the meat packing plant in Omaha where 80 illegals were arrested? According to the people involved in the investigation, they had at least 120 stolen SSNs between them (some use one to work, and another to collect welfare). Local news interviewed some of the victims.
And that was with face to face hiring.
HR can verify that the identity they're given has the right to work in the US. Verifying
Re:Best argument against remote (Score:5, Funny)
Turns out it's hard to perfectly vet your candidates remotely when there's a very professional cabal funded by a foreign government dedicated to outsmarting your vetting process.
https://www.cnn.com/interactiv... [cnn.com]
https://www.ic3.gov/PSA/2025/P... [ic3.gov]
https://www.cnn.com/interactiv... [cnn.com]
Re: (Score:2)
Easy enough to beat if you're willing to go to the effort of doing your interviews *in person*.
Re: (Score:2)
Easy enough to beat if you're willing to go to the effort of doing your interviews *in person*.
The whole point of the article we're discussing is that fully remote is easy to hack, and in-person is the solution proposed.
In person for the interview, and remote the rest of the time, is harder to hack, but can be vulnerable to an adversary hiring somebody to do the in-person interview.
Re: (Score:2)
Re: (Score:2)
It's the best argument against remote interviews, after that's established, fine to be remote.
Re: (Score:2)
I mean yes, but also no.
Yes, because it's a crypto-related business. So there is a very real possibility of a "remote" worker taking all funds of a customer and having no means of reversing it.
But also no, how bad is your screening that you don't interview prospective workers in person that are going to be that deep into your system? Hiring remote is fine as long as the job they are given is not one that reaches into critical systems. Critical systems should always be on-premises employees.
But the vast majo
Re:North Koreans (Score:4, Informative)
How do they even get into the country?
They don't.
Only the front who arranges the hiring is in the country; the actual worker is in North Korea, with the work distributed out by proxy servers at laptop farms. https://techcrunch.com/2025/06... [techcrunch.com]
Almost happened to our org with fake Indian worker (Score:3)
This almost happened to our organization where one Indian worker interviewed fantastically for a position of a developer and then in further interviews we noticed that the person has changed and couldn't quite answer more questions after the initial technical interview and the worker kept on saying that he had a connection and camera problems in the later interviews and there was not a good clarity of picture in those interviews supposedly. The strong accent did not help either with the difficulty in understanding him.
However, the manager kept going with the process since he's not the brightest tool in the shed in our Peter Principal sociopathic promotive organization tree.
However, when he asked that new worker to come have lunch with us in person to meet the team and then pick up his badge and his laptop. Suddenly that worker couldn't make it and asked for the laptop to be shipped to Chicago even though he understood that we were across the country in a different location.
Not attempts, successes. (Score:2)
The issue isn't that North Korean actors were making attempts but that they were successful but then were discovered. If not then they received a nastygram from law enforcement letting them know they would be legally liable for failing for failing to take proper precautions. Companies run by MBA cryptobros are not about to spend money they don't have to.
"It feels like there's 500 new people graduating every quarter from some kind of school they have — that's just their whole job,"
Yeah, it's North Korea's army.
WWIII (Score:1)
Re: (Score:1)
Indeed. We need to nuke the shit out of Russia while Cheeto Benito is still smiling at them.
Re: (Score:2)
Coming Soon: RTO to prove you're not N Korean! (Score:1)
you're N Korean! (Score:1)
Hiring remote workers for cheap - get burned (Score:1)
When an organization tries to hire remote workers in an effort "to attract top talent" that is euphemism for we want workers for cheap and do not want to pay the going rate for them. There are good reasons to have people come to the office to work. Security being among the top.