Kraken is currently being extorted by a cybercrime group threatening to release footage of internal systems that display client data, the cryptocurrency exchange announced.
Chief Security Officer Nick Percoco confirmed that the incident involves an insider threat rather than a direct breach of the company's core infrastructure. The company reported two separate instances where support employees improperly accessed limited customer information.
"Our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors," Percoco said in a statement.
Investigation into insider recruitment
The security incident began in February 2025, when Kraken received a tip from a trusted source regarding a video circulating among cybercriminals. The footage demonstrated unauthorized access to the exchange's client support systems.
Following that tip, Kraken's investigation uncovered a support employee who had been recruited by the threat actor. A second, more recent tip alerted the company to another video showing insider access to its systems.
In both instances, Kraken revoked the employee's access and strengthened internal controls. The exchange notified users directly where exposure was identified.
Percoco stated that the incident affects approximately 2,000 accounts, representing just 0.02% of Kraken’s total user base. The exposed information is limited to client support data.
Kraken is currently working with federal law enforcement across multiple jurisdictions. The company stated it has gathered enough evidence to legally prosecute all individuals involved in the blackmail attempt.
This incident highlights a growing trend of malicious recruitment within the crypto sector. In mid-2025, Coinbase revealed a similar breach after hackers bribed employees at an India-based customer support agency. That breach impacted 70,000 customers and resulted in an estimated $400 million in damages.
