A criminal group has attempted to extort Kraken by threatening to release videos allegedly showing access to the crypto exchange’s internal systems with client data. The Wyoming-based company confirmed on Monday that it addressed and closed off two unauthorized accesses linked to members of its support team, each involving a limited amount of client information.
“Our security systems were never compromised; no funds were ever at risk; we will not pay these criminals nor negotiate with them,” stated Nick Percoco, chief security and information officer for both Payward and Kraken, in an announcement on X.
In February 2025, Kraken was alerted to a video appearing on a criminal forum. An internal investigation traced it back to an individual within the firm. The employee’s access was revoked, additional security measures were implemented, and affected clients were informed.
Recently, another tip-off led to the discovery of a similar video. Once again, Kraken identified and terminated the responsible party’s access while notifying impacted users.
The crypto sector consistently faces security challenges due to its combination of high-value, easily transferable digital assets with technical and human vulnerabilities. Digital assets can be quickly moved across borders and are often irretrievable once lost, making them appealing targets for malicious actors. Additionally, weaknesses in smart contracts, private key management, and exchange infrastructure may lead to exploitable entry points, while phishing and social engineering remain direct threats to users.
Recent crypto breaches have demonstrated increasing complexity, with attackers leveraging smart contract vulnerabilities alongside social engineering and rapid fund transfers to maximize damage.
In incidents like the Drift exploit, adversaries seem to utilize a profound understanding of protocol mechanics and liquidity conditions to manipulate systems in ways that are difficult to detect in real time. This highlights how complex and dynamic decentralized finance (DeFi) environments can present opportunities for advanced attacks.
Kraken, operated by Payward Inc., is a U.S.-based cryptocurrency exchange offering spot and derivatives trading, as well as custody and staking services for digital assets. Founded in 2011, the platform serves both retail and institutional clients globally with access to cryptocurrencies like bitcoin (BTC) and ether (ETH), alongside fiat currency on- and off-ramps. The company is recognized for its emphasis on security and regulatory compliance across various jurisdictions.
According to Kraken, around 2,000 client accounts were potentially viewed in the two incidents, affecting only 0.02% of their customer base, as estimated by a source familiar with the matter speaking to CoinDesk.
Following the cessation of the latest unauthorized access, Kraken began receiving extortion demands from the group, which threatened to publicize materials from both events via media and social platforms. The company has refused to comply.
Kraken is collaborating with industry partners and law enforcement to investigate what it describes as broader insider recruitment efforts targeting crypto, gaming, and telecommunications firms. It believes there is enough evidence to identify and apprehend those responsible.
“The security of our clients remains our top priority, and we are dedicated to combating the escalating global threat of insider recruitment while continuously enhancing our security measures against emerging threats,” added Percoco.
Galaxy Digital (GLXY), a digital asset financial services firm founded by Mike Novogratz, reported containing a cybersecurity incident involving unauthorized access to an isolated development workspace. No client funds or account data were at risk.
For more information, see: Galaxy Digital’s testnet suffers hack but no client funds or information were compromised.