Cryptocurrency exchange Kraken has revealed it is facing an extortion attempt from a criminal group claiming to have video evidence of unauthorized access to its internal systems. Despite these claims, the company insists its infrastructure remains secure and that no client funds were ever exposed.
Insider-Linked Incidents Identified and Contained
According to Kraken, the situation originates from two separate cases of inappropriate access linked to individuals within its customer support team. These incidents involved limited client data and were quickly detected through internal monitoring systems.
The exchange emphasized that these were not external breaches but rather isolated insider-related events. In both cases, the individuals responsible were identified, and their access was immediately revoked.
Latest Incident Triggers Extortion Threat
The most recent development occurred when Kraken received a tip alongside a video allegedly showing internal system access. The company responded swiftly, identifying the individual involved and terminating their access.
Shortly after, the extortion group issued demands, threatening to release the materials publicly through media platforms and social channels. Kraken has refused to comply with these demands.
Company Leadership Takes Firm Stance
Nick Percoco, Chief Security Officer at Kraken’s parent company Payward, addressed the situation publicly, stating that the exchange’s systems were never breached and that customer assets remained completely safe.
He also made it clear that the company will not negotiate with cybercriminals, reinforcing Kraken’s zero-tolerance policy toward extortion attempts.
February 2025 Incident Sparked Initial Investigation
The first case dates back to February 2025, when a video surfaced on a criminal forum suggesting unauthorized internal access. Kraken launched an investigation, which led to the identification of the individual responsible.
Following this, the company terminated the person’s access and implemented additional safeguards to strengthen its internal security systems. Affected users were also notified as a precaution.
Minimal Impact on Customer Base
Across both incidents, approximately 2,000 accounts were potentially exposed to limited data access. With millions of users globally, this represents just 0.02% of Kraken’s total customer base.
The company reiterated that the exposure did not involve sensitive financial information or put any funds at risk.
Growing Trend of Insider Recruitment in Cybercrime
Kraken noted that the incidents may be part of a wider campaign involving the recruitment of insiders across industries such as cryptocurrency, gaming, and telecommunications.
The firm stated it is actively collaborating with law enforcement agencies and industry partners, adding that there is sufficient evidence to potentially identify and prosecute those behind the scheme.
Crypto Industry Remains a Prime Target
Security challenges continue to persist across the digital asset sector, driven by the high value and rapid transferability of cryptocurrencies. Cybercriminals are increasingly using advanced techniques, including social engineering and system exploitation, to gain access.
Recent incidents in decentralized finance (DeFi) have shown how attackers combine technical expertise with strategic manipulation to exploit vulnerabilities in complex systems.
Similar Incident Reported by Galaxy Digital
In a related development, Galaxy Digital, founded by Mike Novogratz, also disclosed a cybersecurity incident involving unauthorized access.
The company clarified that the breach was limited to an isolated development environment and did not impact client funds or account data.
Commitment to Enhanced Security Measures
Kraken reaffirmed its commitment to strengthening its security infrastructure and protecting users from emerging threats. The company stressed that safeguarding client assets remains its highest priority as cyber risks continue to evolve.
