Kraken has revealed that it is currently dealing with extortion attempts from a criminal group that is threatening to release videos allegedly showing internal systems containing client related data.
The exchange stressed that its core systems were not compromised, no customer funds were ever exposed to risk, and it will not engage with or pay the attackers.
Insider Access Incident Investigated
Chief Security Officer Nick Percoco stated in a post on X that Kraken identified and stopped two separate cases of improper access involving limited customer support information.
The first incident occurred in February 2025 after the company was alerted to a video circulating on a criminal forum that appeared to show access to its internal support tools. An internal investigation traced the activity to a support team employee.
The employee’s access was immediately revoked and a full review was launched. Kraken also strengthened its security controls and notified a small number of affected users.
Following this, the company worked with industry partners and law enforcement to investigate broader insider recruitment attempts targeting crypto firms as well as companies in the gaming and telecommunications industries.
In a more recent case, Percoco said Kraken received another tip along with a separate video showing similar unauthorized activity. The exchange again identified the individual involved, removed access, conducted an investigation, and informed impacted users. Across both incidents, around two thousand accounts were potentially viewed, representing roughly 0.02 percent of Kraken’s users.
Shortly after access was revoked in both situations, the company began receiving extortion demands. The attackers threatened to release the materials publicly unless their demands were met. Kraken refused to comply and stated it will not pay any ransom.
Based on internal intelligence and ongoing investigations, the exchange believes there is enough evidence to support identifying and arresting those responsible. Kraken is now cooperating with federal law enforcement agencies across multiple jurisdictions. The company added that the investigation remains active and encouraged anyone with relevant information to come forward.
Comparison With Coinbase Security Incident
Coinbase also experienced a major security breach in 2025, where attackers reportedly laundered millions in stolen crypto and taunted investigators online. Unlike Kraken’s case involving internal misuse, the Coinbase incident allegedly involved bribed customer support agents who granted unauthorized access to sensitive user information including identities, balances, and transaction records.
The attacker also mocked blockchain investigator ZachXBT through Ethereum messages and posted insulting references alongside meme content. Coinbase stated that it rejected a ransom demand of twenty million dollars connected to the stolen data.#crypto#cryptonews https://coinsignals.net https://t.me/coinsignalpublic
