The Kraken cryptocurrency exchange disclosed that a cybercriminal group is attempting to extort the company by threatening to release videos showing internal systems containing client information. Chief Security Officer Nick Percoco stated that client funds were never at risk and that the incident involved an insider threat where support employees improperly accessed limited customer data in two separate instances. The company has declared it will not pay or negotiate with the attackers.
Kraken initiated investigations after receiving tips about videos circulating among cybercriminals demonstrating access to client support systems, leading to the identification of support employees recruited by threat actors. In both cases, the exchange revoked employee access, strengthened controls, and notified affected users directly. Approximately 2,000 accounts representing 0.02 percent of Kraken's user base were impacted, with exposed information limited to client support data.
The company has gathered sufficient evidence for legal prosecution of all individuals involved and is working with federal law enforcement across multiple jurisdictions. Insider threats and malicious recruitment remain broader challenges across industries, particularly in cryptocurrency. A similar incident at Coinbase in mid-2025 involved hackers bribing customer support agency employees, affecting 70,000 customers with estimated financial damages of $400 million. Kraken continues to operate normally with no disruption to trading services.
Read more...