How Flipster strengthens workforce security with Persona
Scaling a fully remote team creates new vulnerabilities: specifically, the risk of threat actors impersonating employees. Learn how Flipster safeguards its workforce with continuous identity verification.
Flipster is a global cryptocurrency perpetual futures trading platform offering access to more than 400 trading pairs. The exchange serves millions of users across nearly 200 markets and has safeguarded more than $230 million in customer assets over its operating history.
Crypto exchanges are frequent targets for sophisticated attacks — and from day one, Flipster’s infrastructure was built to defend against external threats. In fact, the company recently earned recognition for its high security bar with a top-10 ranking from Cer.live, a leading cybersecurity ranking platform.
But as Flipster grew, a new attack surface emerged: employee access across its distributed workforce.
Traditional authentication methods and background checks have limitations, particularly in a global hiring environment. We needed stronger assurance that anyone accessing internal systems was verified and continuously accountable.
The challenge: preventing impersonation in a remote-first organization
In recent years, sophisticated threat actors have begun exploiting security gaps in remote hiring and access workflows by posing as legitimate employees.
Once hired, these threat actors can swiftly gain access to internal systems. For crypto platforms, that access can translate into influencing wallet operations, trading systems, or withdrawal workflows.
“Flipster operates as a fully remote organization, which introduces a distinct set of security challenges,” says Justin Hong, CISO at Flipster. “Crypto exchanges are persistent targets for sophisticated threat actors, and there have been real-world cases of attackers attempting to infiltrate companies by pretending to be real job applicants.”
As a remote-first company, Flipster needed a way to ensure that anyone accessing internal systems was who they claimed to be — not just at onboarding, but throughout their employment.
“Traditional authentication methods and background checks have limitations, particularly in a global hiring environment,” says Justin. “We needed stronger assurance that anyone accessing internal systems was verified and continuously accountable.”
To address these workforce security gaps before they became security breaches, Flipster turned to employee identity verification (IDV).
“For companies facing persistent sophisticated threats, workforce identity verification is no longer optional,” says Justin. “It’s a fundamental part to operating securely at scale.”
Persona’s OIDC integration lets us embed identity verification directly into our authentication flow and tie access to verified identities.
Securing remote access with ongoing IDV
In Flipster’s search for an IDV solution, Persona — an Okta partner — stood out for the depth of its Okta integration.
“Building custom workflows would have been complex given the need for recurring verification and flexible policy configuration,” says Justin. “Persona’s OIDC integration lets us embed identity verification directly into our authentication flow and tie access to verified identities.”
To implement Persona, Flipster chose to verify employee identities at key moments in the employee life cycle:
Onboarding: When employees first join, Flipster requires government ID and liveness-based verification. “By verifying employees at onboarding, Persona allows us to raise our security baseline while keeping friction low for our team,” says Justin.
Weekly checkpoints for sensitive access: For employees with access to sensitive systems, the team introduced weekly selfie reverification rather than with every login or at irregular checkpoints. “Weekly reverification struck the right balance between security and usability,” says Justin. “It’s enough to meaningfully reduce the risk of account takeover or impersonation, but it’s also manageable for employees in the day to day.”
To onboard current employees into the new security system, Flipster briefed teams on the threat environment and walked them through the verification process with demos. So far, onboarding has been smooth, and employee adoption has been strong with minimal disruption.
“Our employees adjusted quickly to verifying with Persona once it became a part of their regular workflow,” Justin notes. “They’ve found the verification experience straightforward and intuitive.”
Persona has become a core component of our internal security controls. We’re confident that internal access to our systems is tied to verified employees, even in a distributed and remote environment.
The impact: stronger identity assurance without unnecessary friction
Today, Flipster has reduced its risk of exposure to fake employees, shared accounts, and unauthorized access.
“Persona has become a core component of our internal security controls,” confirms Justin. “We’re confident that internal access to our systems is tied to verified employees, even in a distributed and remote environment.”
Importantly, these internal security gains came without compromising usability or the employee experience.
“Persona delivers the capabilities we require for a fully remote organization operating in a high-risk environment,” says Justin. “The security model is robust and the user experience is well-designed. Most importantly, Persona’s Okta integration is reliable.”
By adding Persona to its security stack, Flipster has strengthened its security foundation while scaling in a high-risk industry. As Flipster continues to scale its global product ecosystem and Web3 features, a strong security foundation will be critical for growth.
“Persona is the right partner for us as we scale,” concludes Justin.
For companies facing persistent sophisticated threats, workforce identity verification is no longer optional. It’s a fundamental part to operating securely at scale.
