Cryptocurrency exchange Kraken has revealed it was recently targeted in an extortion attempt after two former employees from its internal support team were found to have improperly accessed limited customer information. The criminal group behind the attempt threatened to release videos allegedly from Kraken’s internal systems unless their demands were met.
Swift response and internal controls
Based in Wyoming, USA, Kraken said it quickly terminated the access of those involved in both incidents. New security protocols were immediately enforced, and notifications were sent to affected customers to alert them of the situation.
The first case surfaced in February 2025, after a tip-off that a video had been circulating on a criminal forum. Following an internal investigation, Kraken revoked the implicated staff member’s access and enhanced its security measures further.
A similar second incident occurred recently. In response, Kraken again identified and removed access for the individual involved, and promptly notified users who may have been affected.
In total, approximately 2,000 customer accounts may have been exposed, according to the company. Given that Kraken serves millions of users, this figure represents only 0.02 percent of its total customer base.
Nick Percoco, Kraken’s Head of Security, emphasized that at no point were the company’s systems fully compromised or client funds ever at risk. He stressed Kraken’s firm stance against paying or negotiating with criminals attempting extortion.
“Our systems were never breached; client funds were never at risk; we will not pay these criminals or negotiate with malicious actors,” Kraken stated to underline its position.
Growing cybersecurity threats in crypto sector
Cyberattacks continue to target cryptocurrency platforms because of the high value and irreversible nature of digital asset transfers. Instant transactions and limited recourse make exchanges attractive for criminals.
Weaknesses in smart contract coding, private key management, and exchange backend infrastructure present exploitable entry points for hackers. Additionally, social engineering and phishing schemes against users remain common threats in the sector.
Sophisticated attackers, as seen in the recent Drift protocol incident, now combine technical know-how and an understanding of market mechanics to execute fast, complex exploits. These cases highlight the rapid evolution of tactics in decentralized finance platforms.
Following the breach, Kraken reported that the criminals threatened to leak obtained materials via news outlets and social media platforms. The company firmly rejects all demands and refuses to negotiate with the perpetrators.
Kraken’s ongoing investigation also revealed that cybercriminals are actively recruiting insiders not just in crypto, but across gaming and telecommunications companies. The exchange says it is working closely with industry peers and security teams to track down those responsible and is confident of progress.
Meanwhile, Galaxy Digital, another player in institutional crypto services, recently announced it had blocked unauthorized access to an isolated development environment. The company reassured its clients that no customer data or funds were ever at risk in the event.
