Crypto exchange Kraken is facing an extortion attempt from a criminal group threatening to release videos purportedly showing access to internal systems containing client data.
The Wyoming-based exchange said it identified and shut down two separate instances of unauthorized access tied to individuals within its support team, each involving limited client data.
What happened
The first incident came in February 2025, when Kraken received a tip about a video circulating on a criminal forum.
An internal investigation identified the individual involved, revoked their access and led to additional security controls.
More recently, Kraken received another tip and a similar video, and again identified and terminated the individual responsible.
Across both incidents, approximately 2,000 client accounts were potentially viewed — just 0.02% of Kraken’s total customer base.
Kraken’s response
Kraken’s chief security and information officer Nick Percoco was direct in his response, posting on X:
“Our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors.”
The exchange has notified all impacted users and tightened internal controls.
Kraken said it began receiving extortion demands shortly after the latest access was cut off, with the group threatening to distribute materials to media outlets and on social media.
Broader threat landscape
Kraken said it has been working with industry partners and law enforcement to investigate what it describes as broader insider recruitment efforts targeting crypto, gaming and telecommunications firms.
The exchange believes there is sufficient evidence to identify and arrest those responsible.
The cybersecurity threat environment in crypto has grown increasingly sophisticated, with attackers combining social engineering, insider recruitment and rapid fund movement to maximize impact.
Galaxy Digital also recently disclosed a separate cybersecurity incident involving unauthorized access to an isolated development workspace, though no client funds or account data were accessed or put at risk.
Percoco added:
“The security of our clients is our highest priority, and we remain fully committed to combating the growing global threat of insider recruitment and constantly enhancing our security practices to combat new threats.”
