Two separate incidents involving support staff gave criminals access to limited client data at Kraken. A criminal group has since used that material to pressure the exchange, demanding compliance in exchange for silence. Kraken has refused, revoked all access, and is now working with federal authorities across multiple jurisdictions.
To summarize
• Around 2,000 client accounts were exposed across two internal incidents.
• A criminal group is threatening to publish internal videos unless Kraken complies with their demands.
• The exchange refuses to negotiate and is actively cooperating with federal law enforcement.
Two incidents. One method.
The first dates back to February.
A member of Kraken’s support team accessed internal systems and, based on available information, recorded what they saw. Weeks later, a second incident follows the exact same pattern.
In both cases, the access stays confined to support systems. Not Kraken’s trading infrastructure. No funds moved. No funds at risk.
Once the threat is identified, access is revoked immediately each time.
Around 2,000 accounts, approximately 0.02% of Kraken’s user base, were potentially viewed during these incidents. The exchange has since directly notified all affected clients.
The extortion attempt
The material gathered during these incidents becomes the basis for an extortion campaign.
A criminal group, whose identity has not been publicly disclosed, threatens to release the compromising videos unless Kraken meets their demands. Videos showing staff accessing internal systems and client data.
Nick Percoco, Kraken’s Chief Security Officer, addresses the situation publicly on X.
He confirms that Kraken’s systems were never compromised. That client funds remained secure throughout. And that the exchange had already neutralized a first extortion attempt without giving in.
His position is unambiguous: Kraken will not negotiate with malicious actors.
The exchange says it has gathered enough evidence to identify those responsible and is working with federal authorities across multiple jurisdictions to pursue everyone involved.
Why support teams have become a prime target
The question is now being raised openly across the industry.
Crypto exchanges handle massive volumes. Their technical infrastructure is often very well protected. But the weakest link remains human: support teams, who need access to client data to do their jobs, and who are sometimes recruited abroad under less rigorous vetting conditions.
That is precisely what organized criminal groups are exploiting.
Corrupting or recruiting a support employee costs far less than attempting to breach a secured infrastructure. And the potential payoff is the same: data, access, leverage.
Some users reacted publicly to Kraken’s announcement by pointing directly at this issue. The question of offshore recruitment (and the security risks that come with it) resurfaced in several public discussions.
Kraken did not respond to these criticisms, but insisted that access controls are the primary line of defense, regardless of where support teams are located.
This debate will not be settled by this case alone.
Also worth checking on Cryptonomic:
- More than half of cryptocurrencies are already dead
- Be careful if you hold the ONDO cryptocurrency
- Did the US government lose $40 million in Bitcoin?!
A threat that goes far beyond Kraken
This type of attack is not specific to crypto.
Targeting support staff to gain internal access, recording it, then using it as leverage. Identical patterns have already been observed in the gaming and telecommunications sectors.
In crypto, the closest precedent is the Coinbase case. In 2024, overseas support contractors sold client information to outside parties, exposing approximately 69,000 accounts. Same scenario, same outcome: no systems breached, no funds touched, and a firm refusal to meet extortion demands.
The insider threat is structural. Security researchers have identified at least 60 developers linked to the Lazarus Group (a North Korea-affiliated hacking collective) who had infiltrated crypto projects by getting hired as regular employees. A reminder of how deep and organized this threat already is.
The strongest exchanges are the ones that don’t cave.
Follow the story on Cryptonomic.
