Kraken Faces Extortion Plot Involving Rogue Employees, Raising Concerns Over Fed Access
Cryptocurrency exchange Kraken is grappling with an extortion attempt orchestrated by hackers who recruited insider employees to bypass security measures. The incident, disclosed by Chief Security Officer Nick Percoco on April 13, 2025, involved rogue members of Kraken’s customer support team who allegedly provided attackers with access to internal systems.
The breach was discovered in February 2025 after Kraken received a tip about a video circulating on a criminal forum, showing unauthorized access to its client support tools. Investigations revealed two employees had been compromised, potentially exposing roughly 2,000 client accounts, or 0.02% of Kraken’s user base. While the exchange confirmed no funds were at risk and core systems remained secure, attackers threatened to leak footage of internal operations unless demands were met. Kraken has refused to negotiate, revoked the employees’ access, and notified affected clients, while collaborating with federal law enforcement.
The incident underscores a growing trend of cybercriminals targeting insiders, as seen in a December 2024 report by Check Point, which uncovered darknet ads offering payouts of $3,000 to $15,000 for employees at exchanges like Kraken, Coinbase, and Binance. Similar extortion attempts have targeted other firms, including Coinbase, which has since bolstered insider-threat detection and support security controls.
The breach arrives just weeks after Kraken became the first digital asset company to secure a "limited purpose" Federal Reserve master account on March 4, 2025, granting it direct access to the central bank’s payment rails. The approval, issued by the Federal Reserve Bank of Kansas City, has drawn sharp criticism from traditional banking advocates, including the Independent Community Bankers of America (ICBA), which warned of systemic risks. In a joint letter, the ICBA and 42 state bankers’ associations urged the Fed to impose stricter risk controls on Kraken’s account, citing concerns over operational and cybersecurity vulnerabilities.
The incident has also intensified congressional scrutiny. Rep. Maxine Waters, ranking Democrat on the House Financial Services Committee, demanded further details on the approval process, while Fed Vice Chair for Supervision Michelle Bowman acknowledged the move as an "experiment" in integrating crypto firms into the federal payment system. Critics, including the Bank Policy Institute, argue that lightly regulated crypto entities may pose broader financial stability risks compared to traditional banks, which undergo rigorous supervision and hold deposit insurance.
Source: https://www.americanbanker.com/news/kraken-faces-extortion-threat-over-rogue-employee-breach
Kraken cybersecurity rating report: https://www.rankiteo.com/company/krakenfx
"id": "KRA1776206461",
"linkid": "krakenfx",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '2000',
'industry': 'Financial Services',
'location': 'Global',
'name': 'Kraken',
'type': 'Cryptocurrency Exchange'}],
'attack_vector': 'Insider Threat',
'customer_advisories': 'Affected clients notified.',
'data_breach': {'data_exfiltration': 'Potential (threatened leak of internal '
'operations footage)',
'number_of_records_exposed': '2000',
'sensitivity_of_data': 'Moderate (client support tools '
'access)',
'type_of_data_compromised': 'Client account information'},
'date_detected': '2025-02',
'date_publicly_disclosed': '2025-04-13',
'description': 'Cryptocurrency exchange Kraken is grappling with an extortion '
'attempt orchestrated by hackers who recruited insider '
'employees to bypass security measures. The incident involved '
'rogue members of Kraken’s customer support team who allegedly '
'provided attackers with access to internal systems, '
'potentially exposing roughly 2,000 client accounts. Attackers '
'threatened to leak footage of internal operations unless '
'demands were met.',
'impact': {'brand_reputation_impact': 'Yes',
'data_compromised': 'Client account information',
'identity_theft_risk': 'Potential',
'operational_impact': 'Unauthorized access to internal systems',
'payment_information_risk': 'No funds at risk',
'systems_affected': 'Internal client support tools'},
'initial_access_broker': {'entry_point': 'Compromised customer support '
'employees'},
'investigation_status': 'Ongoing (collaboration with federal law enforcement)',
'lessons_learned': 'Growing trend of cybercriminals targeting insiders; need '
'for enhanced insider-threat detection and support '
'security controls.',
'motivation': 'Financial gain (extortion)',
'post_incident_analysis': {'corrective_actions': 'Revoked employee access, '
'enhanced monitoring '
'(implied)',
'root_causes': 'Insider recruitment by '
'cybercriminals, potential gaps in '
'insider-threat detection.'},
'recommendations': 'Bolster insider-threat detection, implement stricter '
'access controls, and enhance monitoring of employee '
'activities.',
'references': [{'source': 'Nick Percoco (Kraken Chief Security Officer)'},
{'source': 'Check Point Report (December 2024)'},
{'source': 'Independent Community Bankers of America (ICBA)'}],
'regulatory_compliance': {'regulatory_notifications': 'Congressional scrutiny '
'(Rep. Maxine Waters)'},
'response': {'communication_strategy': 'Public disclosure by Chief Security '
'Officer',
'containment_measures': 'Revoked employee access, notified '
'affected clients',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes (federal law enforcement)'},
'stakeholder_advisories': 'Federal Reserve scrutiny, congressional demands '
'for details on approval process.',
'threat_actor': 'Cybercriminals recruiting insiders',
'title': 'Kraken Faces Extortion Plot Involving Rogue Employees',
'type': 'Extortion',
'vulnerability_exploited': 'Compromised employees'}