Kraken is actively being extorted by criminals threatening to release the top crypto exchange’s internal data

Kraken says it is being extorted by a criminal group threatening to release internal material after two support staff members improperly accessed limited customer data. In a security update published by chief security officer Nick Percoco on X, the crypto exchange said it identified two cases of inappropriate access to client support data, revoked access, notified affected users, and later received demands tied to videos allegedly showing internal systems with customer information visible. Kraken said its core systems were never breached, funds were never at risk, and roughly 2,000 accounts, or about 0.02% of clients, were potentially viewed. Even so, the incident sharpens a growing problem for crypto platforms. The highest-value security failure is not always a wallet exploit or infrastructure breach. It can begin inside the support layer , where limited customer context is enough to make the next message, call, or verification request feel legitimate. Related Reading Compromised developers lying dormant within crypto projects risks next major crypto exploit The bigger risk after Drift may be the access attackers gain before a protocol knows it has a problem. Apr 8, 2026 · Gino Matos That distinction changes the nature of the threat . The issue is less about direct theft from exchange infrastructure and more about whether authentic internal access can be turned into a trust weapon against users. The exposed information may have included some client account data, though Kraken has not publicly detailed the full field-level scope. In crypto, a small amount of real support information can be operationally valuable to criminals even when the exchange’s trading and custody systems remain secure. The broader backdrop gives that risk more weight. In its 2025 Transparency Report , released on March 19, Kraken said it handled 7,957 law enforcement and regulatory data requests in 2025, up 16.5% year over year, spanning 13,082 accounts across 74 countries. That report was part of a larger trust narrative around compliance, operational maturity, and financial-system integration. Days later, the conversation changed. The issue has moved from how often outside authorities ask for data to how securely internal access is controlled in the first place. For users, the concern is straightforward. The exchange may have secured wallets and core systems, yet the path to harm can still run through support, where a criminal only needs enough context to sound real. Related Reading The many faces of crypto crime and the relentless cat-and-mouse chase Crypto crime hits new highs in 2025 as hackers, scammers, and AI threats target digital assets with increasingly sophisticated tactics. Jul 20, 2025 · Christina Comben Support access has become a more valuable target than many code exploits Kraken’s phrasing is precise. The company said there was no breach of its systems and no risk to funds. It also said two insiders had inappropriately accessed limited client support data, one linked to an incident flagged in February 2025 and another tied to a more recent video showing similar activity. Across both incidents, Kraken says about 2,000 accounts were potentially viewed. Soon after access was terminated, the company says it began receiving extortion demands threatening disclosure to media outlets and on social media. The attack chain described here is operational rather than cinematic. Someone inside a support environment sees information they should not be using that way, records or shares evidence of access, and a criminal group uses that material as leverage. That sequence suggests a repeatable attack path. A code exploit often depends on a specific bug. Insider recruitment scales through incentives, pressure, and weak access design. Check Point Research said in late 2025 that cybercriminals were openly seeking insiders at major crypto exchanges including Coinbase, Binance, Kraken, and Gemini, with typical offers ranging from $3,000 to $15,000 for access or information. Kraken’s own statement says the company has been collaborating with partners and law enforcement to investigate insider recruitment efforts affecting other sectors as well, including gaming and telecoms. That places the exchange inside a larger pattern where customer-service and support operations have become a common pressure point across industries that rely on high-trust interactions and large pools of personal data. Crypto has already seen what that pattern can look like once it moves from access to exploitation. In May 2025, Coinbase disclosed that overseas support agents had been bribed to copy customer information, with attackers then attempting to impersonate the company and trick users into transferring funds. CryptoSlate later reported that law enforcement made an arrest tied to the Coinbase insider extortion case , which affected nearly 70,000 customers. Kraken’s disclosure is much smaller by account count, yet the significance lies elsewhere. The incident r