The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data.
The company’s Chief Security Officer, Nick Percoco, stated that the incident did not put client funds at risk and involved an insider threat, with two instances of improper access to limited customer data by support employees.
Kraken says that it will not pay or negotiate with the threat actor.
“We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands,” stated Percoco.
“It’s important to start with the most important points: our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors.”
.png)
Kraken is a U.S.-based cryptocurrency exchange that enables millions of users across 190 countries to buy, sell, and trade digital assets such as Bitcoin, Ethereum, and 200 others.
It is considered one of the largest and most established exchanges, with a daily trading volume of hundreds of millions of U.S. dollars.
Following a “tip from a trusted source” in February 2025 about cybercriminals circulating a video demonstrating access to its client support systems, Kraken initiated an investigation and uncovered a support employee recruited by the threat actor.
More recently, Kraken received a tip about another, more recent video showing insider access to its systems.
In both cases, the company reacted quickly by revoking the employee’s access, launching investigations, and strengthening controls. Where user exposure was identified, Kraken notified affected users directly.
According to Percoco, the incident affects only about 2,000 accounts, which represents 0.02% of Kraken’s user base. For this small subset, the exposed information reportedly only concerns client support data.
Kraken stated that its investigation has gathered enough evidence to legally prosecute all involved individuals attempting to blackmail them, and the company is closely working with federal law enforcement across multiple jurisdictions towards this goal.
Insider threats and malicious recruitment are a broader problem impacting multiple industries, and especially the cryptocurrency sector.
In mid-2025, it was revealed that another major American cryptocurrency exchange, Coinbase, suffered a data breach after hackers bribed employees of an India-based customer support agency to disclose to them private client support information.
In that case, the incident impacted 70,000 customers, with Coinbase estimating the total financial damages to be $400 million.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
