April 14, 2026 ChainGPT

Kraken Refuses to Bow to Extortion After Insider Access to Support Data

Kraken has publicly refused to bow to extortion demands after two separate incidents of improper employee access to limited client support data, the US exchange’s chief security officer said Monday — a development that renews investor concerns about insider threats in crypto.

What happened

- CSO Nick Percoco said Kraken identified and shut down two instances of inappropriate access to client support systems since 2025. The first incident dated to February 2025, when a tip flagged a video on a criminal forum showing someone accessing Kraken’s support tools.
- An internal investigation quickly traced the activity to a member of the support team, whose access was immediately revoked. Kraken says it conducted a full investigation, implemented additional security controls and notified the small group of affected clients.
- A second tip surfaced more recently with another video showing similar activity. That prompted a separate investigation, removal of access for the parties involved, and notification to those affected.
- Shortly after access was terminated, Percoco said, criminals began extorting Kraken — threatening to publish materials from both incidents unless paid. Kraken has rejected those demands, declaring it “will not pay these criminals” and “will not ever negotiate with bad actors.”

Scope and impact

- Kraken stresses its core systems were not breached and customer funds were never at risk.
- The exchange estimates only about 2,000 accounts — roughly 0.02% of its user base — were potentially viewed across both incidents.
- Kraken is working with law enforcement and industry partners, and says intelligence and analysis from the incidents provide enough evidence to identify and arrest those involved. The company urged anyone with additional information to contact them.

Broader context

- Kraken’s disclosure comes just a month after the firm won approval from the Kansas City Fed for a Fed master account, gaining direct access to the Federal Reserve’s core payment system — a major regulatory milestone for the exchange.
- The announcement has sparked pushback from some users and community members, who questioned whether the offending personnel were in-house or outsourced and criticized perceived offshoring of support staff. Critics also argued that “2,000 accounts” could include high-value targets vulnerable to “wrench attacks.”

Why this matters

- Insider threats remain one of crypto’s biggest operational risks. The Kraken case echoes last year’s Coinbase controversy, when CEO Brian Armstrong disclosed that bribed overseas contractors had accessed internal tools and leaked limited user data (around 1% of users), and attackers later attempted a multimillion-dollar ransom. That episode raised questions about third-party risk, transparency and the need for tighter controls around support-access privileges.

What’s next

- Kraken says investigations are ongoing and that it has increased controls to disrupt insider recruitment campaigns targeting crypto, gaming and telecom firms. The exchange is coordinating with authorities and industry partners as it pursues those responsible. Users should monitor communications from Kraken for direct notifications and follow any recommended security steps.

Kraken’s public stance — refusing to pay extortionists and emphasizing cooperation with investigators — signals a hard line against negotiating with criminal actors, but the incidents underscore persistent operational vulnerabilities for exchanges handling sensitive data.