Prefer us on Google 
Download App 
Download App
Crypto exchange Kraken revealed two security events stemming from insider actions, where support staff accessed restricted client information. Subsequently, a criminal entity initiated an extortion scheme, as reported by the company and its chief security officer.
The company asserted that neither incident compromised its systems nor endangered any client assets. Both situations involved unauthorized use of internal support utilities rather than core trading mechanisms, with access being terminated promptly upon detection.
Kraken’s Chief Security Officer, Nick Percoco, stated that the company is currently responding to demands from cybercriminals who allege they possess visual records of internal systems displaying customer data. The group has threatened to publicize this material unless Kraken meets their demands.
“Our systems were never breached; funds were never at risk; we will not pay these criminals,” Percoco affirmed in a public declaration, emphasizing that the company would not engage in negotiations with the perpetrators.
Kraken indicated that approximately 2,000 customer accounts might have been viewed across the two separate occurrences, representing a small fraction, around 0.02%, of its worldwide user base. Those affected have been informed, and the company clarified that the disclosed information was confined to support-related details, not critical financial credentials.
Several security vulnerabilities at Kraken
The initial event transpired in February 2025, when the company was alerted to a video circulating within illicit online communities. A subsequent internal inquiry identified a support team member as the individual responsible for the unauthorized access. Kraken reported revoking the employee’s privileges, conducting a thorough review, and implementing enhanced protective measures.
A second incident surfaced later, prompted by another notification concerning similar content linked to a different employee. Kraken confirmed it once again pinpointed the source, deactivated the access, and alerted the affected parties while reinforcing its internal safeguards.
The situation intensified after the termination of the most recent unauthorized access, when the syndicate behind the videos presented their extortion demands. Kraken communicated that the attackers menaced to disseminate the content through media channels and social networks.
The exchange stated its collaboration with law enforcement agencies across multiple jurisdictions and expressed confidence in having sufficient evidence to identify and prosecute the individuals involved. The company also highlighted broader recruitment efforts targeting insiders within the cryptocurrency, gaming, and telecommunications sectors.
Security professionals have cautioned that internal threats represent an ongoing peril in the digital asset sphere, where support personnel often require access to user accounts for issue resolution. Although such access is typically restricted, it can become a vulnerability for coercion or exploitation.
Kraken affirmed its ongoing scrutiny of internal procedures, reinforcement of surveillance systems, and limitation of access permissions to mitigate potential risks. The firm underscored that its fundamental infrastructure remained secure throughout both events.
This development occurs as the industry grapples with persistent security challenges, encompassing both external assaults and internal weaknesses. The combination of high-value digital assets and widespread accessibility has made crypto platforms a prime target for organized malicious campaigns.
In a separate announcement, Galaxy Digital disclosed a cybersecurity incident involving illicit entry into an isolated development environment. The firm, established by Mike Novogratz, stated that no customer data or funds were compromised.
Kraken reiterated its commitment to continued cooperation with investigators and industry partners as the situation unfolds. The company characterized the incidents as isolated occurrences while issuing a warning about a wider trend of insider-focused threats affecting technology companies.
Details can be found on the website : bitcoinmagazine.com