Kraken has disclosed an extortion attempt tied to two separate incidents involving unauthorized access to limited internal systems, emphasizing that no breach occurred and client funds were never at risk. In a security update, the exchange said a criminal group is threatening to release videos allegedly showing internal systems with client data unless demands are met. Kraken stated it will not engage or pay. Insider access, not external breach According to the company, both incidents were traced to members of its support team, rather than external attackers breaching its infrastructure. The first case dates back to February 2025, when Kraken received a tip about a video circulating on a criminal forum. The company said it quickly identified the employee involved, revoked access, and launched an internal investigation. A second, similar incident was identified more recently following another tip and video. Kraken again moved to terminate access and notify affected users. Limited scope: ~2,000 accounts affected Kraken said the incidents involved access to client support data, with approximately 2,000 accounts potentially viewed — about 0.02% of its user base. The exchange noted that only a "very small number" of clients were affected and that those users have already been notified. It also stressed that: no funds were at risk core systems were not compromised Extortion attempt follows access revocation Shortly after the individuals' access was revoked, Kraken said it began receiving extortion demands. The group behind the threats claimed it would release materials from both incidents to media outlets and on social platforms if the exchange did not comply. Kraken rejected the demands outright, stating it "will not ever negotiate with bad actors." Broader concerns over insider recruitment The exchange said it is working with law enforcement across multiple jurisdictions and believes there is sufficient evidence to identify those responsible. Kraken also highlighted a broader trend of insider recruitment efforts, noting that such activity is targeting not only crypto firms but also companies in gaming and telecommunications. Final Summary Kraken said no breach occurred despite an extortion attempt linked to insider access affecting ~2,000 accounts. The incident highlights rising risks around insider recruitment, even as core systems and funds remain secure.
Kraken faces extortion attempt linked to insider data access, says no breach occurred
This article was originally published on AMBCrypto and is republished here under RSS syndication for informational purposes. All rights and intellectual property remain with the original author. If you are the author and wish to have this article removed, please contact us at [email protected].
