Coinbase’s new security measures—requiring in-person orientation and limiting certain roles to U.S. citizens—have ignited debate over whether the exchange is protecting itself or pushing the boundaries of U.S. anti-discrimination law.
Why Coinbase Is Tightening Security
Last week, CEO Brian Armstrong announced that Coinbase will require all new hires to attend in-person onboarding and that employees with access to sensitive systems must now be U.S. citizens and undergo fingerprinting.
The move isn’t about traditional cybersecurity firewalls—it’s about stopping infiltration. According to U.S. authorities, North Korean hackers have shifted tactics, posing as remote workers to land jobs at crypto and Web3 firms. By getting inside, they can bypass defenses, steal funds, and funnel them back to Pyongyang’s sanctions-strapped regime.
1/ My recent investigation uncovered more than $16.58M in payments since January 1, 2025 or $2.76M per month has been sent to North Korean IT workers hired as developers at various projects & companies. To put this in perspective payments range from $3K-8K per month meaning… pic.twitter.com/pjHZG9wJ4r
— ZachXBT (@zachxbt) July 2, 2025
Given that Coinbase is one of the world’s largest exchanges, it’s a prime target.
The Legal Question: Is This Discrimination?
On the surface, a “U.S. citizens only” policy looks like it could clash with the Immigration and Nationality Act (INA), which bars employers from discriminating against lawful permanent residents, refugees, or asylees.
But the law makes exceptions. Roles tied to national security or sensitive technology can, in some cases, be restricted to U.S. citizens. Export control laws—like the Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR)—can also make it easier for companies to hire U.S. citizens rather than seek government licenses to share technology with non-citizens.
The gray area is whether Coinbase’s restrictions meet those standards—or whether they’ll be seen as overreach.
Coinbase Clarifies: Not a Blanket Ban
After initial backlash, a Coinbase spokesperson said the policy is narrower than it sounded:
“We are not adopting a company-wide ‘U.S. citizens only’ hiring policy… These changes will primarily affect employees in roles with access to sensitive systems.”
They emphasized that most Coinbase jobs remain open to candidates worldwide and that the policy isn’t about invoking ITAR or EAR. Instead, it’s about stricter onboarding safeguards—identity checks, fingerprinting, and mandatory orientation sessions, including regional hubs for non-U.S. hires.
The Bigger Picture: Industry Under Pressure
Coinbase argues its approach isn’t just about compliance—it’s about survival. With state-backed hackers growing more sophisticated, companies are being forced to rethink remote hiring and identity verification.
“Given the rise in fraudulent applications and malicious actors attempting to infiltrate tech companies, we expect that stronger proof-of-identity and limited in-person requirements will become more common across the industry,” the spokesperson said.
In one of my favourite Cheeky Pint episodes to date, @brian_armstrong brings us behind the scenes at @coinbase: their battles against North Korean hackers, war stories from breakneck early scaling, confronting people who won’t use AI to code, Coinbase becoming people’s primary… pic.twitter.com/OyJkGGuGxV
— John Collison (@collision) August 20, 2025
The exchange has also rolled out a multi-layered defense strategy, including background checks, insider-threat monitoring, and mandatory security training, in addition to the new onboarding requirements.
What This Means for Crypto and Tech
Coinbase’s policy could become a test case for how far private companies can go when national security and anti-discrimination laws collide.
North Korea has dispatched thousands of skilled IT workers abroad with the aim of deceiving U.S. and other businesses worldwide into hiring them as freelance IT workers so they can support North Korean cyber operations and generate revenue for the North Korean regime. Learn more… pic.twitter.com/qctMta67BF
— NCSC (@NCSCgov) April 3, 2025
If regulators and courts view these restrictions as justified, other crypto and tech firms may follow suit, tightening hiring rules across the board. If not, Coinbase could face legal challenges that reshape how the industry handles insider threats.
For now, the exchange is betting that its security rationale will outweigh the legal risks—and that its policies will be seen as necessary in an era when hackers don’t just attack networks, but apply for jobs inside them.