Kraken hacked via insider breach, extorted by attackers

A major cryptocurrency exchange is facing an extortion attempt following an insider threat that compromised limited customer data. Kraken’s Chief Security Officer, Nick Percoco, confirmed that a cybercrime group is threatening to release videos of internal systems but emphasized that client funds were never at risk and the company will not negotiate with or pay the criminals. The incident stemmed from improper access by support employees, not an external breach of the platform’s core security.

Kraken, a leading U. S.-based exchange serving millions of users globally, began its investigation in February 2025 after a tip about a video showing access to its client support systems. The probe revealed a support employee had been recruited by the threat actor. A subsequent tip about a more recent video led to the discovery of a second instance. In both cases, the company acted swiftly, revoking access and strengthening controls while directly notifying affected users.

Percoco stated the incident impacts approximately 2,000 accounts, representing just 0.02% of Kraken’s user base. The exposed information is reportedly limited to client support data. The company has gathered sufficient evidence for legal prosecution and is working with federal law enforcement across multiple jurisdictions to pursue those involved in the attempted blackmail.

This event highlights the persistent challenge of insider threats and malicious recruitment, a vulnerability affecting numerous industries, especially within cryptocurrency. Notably, another major exchange, Coinbase, disclosed a similar incident in mid-2025 where hackers bribed employees of an India-based support agency, compromising data for 70,000 customers and resulting in an estimated $400 million in damages. Kraken’s firm stance against paying ransoms underscores a broader industry commitment to resisting such criminal pressure.