Key Takeaways
- Kraken is facing an extortion attempt from a criminal group claiming access to internal recordings with limited customer-related data.
- The exchange says it will not pay or negotiate. The company confirmed its core systems were not breached, customer funds were not exposed, and there is no evidence of a platform-wide security compromise.
- The incident is linked to two separate cases of improper access involving internal customer support staff, both of whom were terminated after investigations.
Kraken has confirmed it is facing an extortion attempt from a criminal group that claims to possess internal recordings containing limited customer-related information. The attackers are threatening to release the material publicly unless their demands are met. The exchange has stressed that its core systems were not breached, client funds remain secure, and it has firmly refused to engage or negotiate with the group.
In an update disclosed by Nick Percoco, Kraken said the incident involved two instances of improper access linked to internal support staff, both of whom were terminated following the investigation. The update noted that approximately 2,000 customer accounts, around 0.02% of its user base, were affected, and impacted users have already been notified.
No System Breach or Fund Exposure
Kraken says its core systems were not compromised at any point during the incident. The exchange also stressed that customer funds were never exposed, and there is no sign of a wider breach affecting its trading infrastructure or platform security.
Instead, the problem appears to be limited to a small number of internal customer support accounts. Kraken described these as isolated cases that were quickly contained and did not affect its main systems or overall platform operations.
Two Separate Insider-Related Incidents
The exchange identified and stopped two unrelated cases involving unauthorized access by customer support staff. Both incidents were uncovered after outside intelligence and online videos raised concerns about possible misuse of internal systems.
The first case took place in February 2025, when a video shared on a criminal forum appeared to show access to internal support tools. An internal investigation confirmed that a customer support employee had accessed restricted user information without permission. Kraken quickly removed the employee’s access, conducted a full internal review, improved security controls, and informed affected users.
A second, separate incident was discovered later after another external report and video surfaced online showing similar behavior. The company traced the activity to a different support staff member, who was immediately cut off from system access. Kraken then carried out an investigation, contained the issue, and notified potentially impacted customers.
Extortion Demands Follow Internal Investigations
After resolving both insider incidents, Kraken reported that it began receiving extortion attempts from the same threat group. The attackers claimed to have internal recordings and sensitive data and demanded payment in exchange for not releasing the material publicly.
Kraken rejected the demands and stated it will not negotiate or provide any payment. The company emphasized that complying with such threats would encourage further criminal behavior.
Law Enforcement Involvement and Ongoing Investigation
The exchange said it is working closely with law enforcement in several countries, as well as cybersecurity partners, as the investigation continues. These efforts aim to track down the people involved, check how much data may have been exposed, and understand how they were able to get unauthorized access.
Kraken also said early findings may be strong enough to lead to future arrests. The company added that it is helping authorities look into wider insider schemes that recruit employees for data theft and extortion, which may be targeting not only crypto firms but also companies in other sectors, including gaming and telecommunications.
Security Focus Moving Forward
Kraken said it is continuing to strengthen its security systems to prevent similar incidents. This includes tighter access controls, improved monitoring of internal tools, and better detection of unusual activity. The company confirmed that potentially affected users have already been contacted directly and given relevant updates.
Despite ongoing extortion attempts, Kraken reiterated that it will not comply with criminal demands and is working closely with law enforcement and cybersecurity partners to identify those responsible.
Final Thoughts
Kraken faced two insider-related incidents where customer support staff improperly accessed limited customer information. After that, the company also faced an extortion attempt from a criminal group that claimed to have internal recordings and tried to force payment. In response, Kraken removed the employees involved, secured its systems, and notified affected users. It also strengthened its internal security and monitoring tools. The exchange rejected the extortion demands and is now working with law enforcement and cybersecurity partners to investigate the incidents and prevent similar cases in the future.
Frequently Asked Questions
What happened to Kraken?
Kraken faced two separate insider incidents where customer support staff improperly accessed limited customer information. After that, it also faced an extortion attempt from a criminal group.
Was Kraken’s system hacked?
No. Kraken confirmed that its core systems were not breached and there is no evidence of a platform-wide hack.
Were customer funds affected?
No. The company stated that customer funds were not exposed or at risk during the incidents.
How many users were affected?
About 2,000 customer accounts were affected, which is around 0.02% of Kraken’s total users.
What caused the issue?
The issue came from two separate cases of improper access by internal customer support staff, not an external system breach.
What is Kraken doing to improve security?
The company is strengthening access controls, improving monitoring systems, and enhancing internal security to prevent similar incidents.
