Kraken and Galaxy Digital: Crypto exchange Kraken targeted in extortion attempt; says no breach and no funds at risk

Kraken Faces Extortion Attempt After Insider Security Incidents

Cryptocurrency exchange Kraken disclosed an extortion attempt by a criminal group threatening to release videos allegedly showing unauthorized access to internal systems containing client data. The Wyoming-based firm confirmed two separate incidents in 2025 involving rogue employees within its support team, both of which were swiftly contained.

In February, Kraken received a tip about a video circulating on a criminal forum, prompting an internal investigation that identified the individual responsible. The company revoked their access, implemented additional security controls, and notified affected clients. A second, similar incident occurred more recently, leading to another termination and user notifications.

Kraken emphasized that its systems were never breached, client funds remained secure, and it would not negotiate with the extortionists. Approximately 2,000 accounts, roughly 0.02% of its customer base, were potentially exposed across both incidents. The exchange is collaborating with law enforcement and industry partners to investigate what it describes as a broader insider recruitment campaign targeting crypto, gaming, and telecommunications firms.

The incidents highlight persistent security challenges in the crypto industry, where high-value assets and human vulnerabilities create attractive targets for attackers. Recent exploits, such as the Drift protocol breach, demonstrate increasing sophistication, combining technical exploits with social engineering to evade detection.

Kraken, founded in 2011, serves retail and institutional clients globally, offering trading, custody, and staking services. The company has reiterated its commitment to security and regulatory compliance amid evolving threats. Separately, Galaxy Digital reported containing a cybersecurity incident in an isolated development workspace, with no impact on client funds or data.

Source: https://www.coindesk.com/business/2026/04/13/crypto-exchange-kraken-targeted-in-extortion-attempt-but-says-there-was-no-breach-and-no-client-funds-at-risk

Kraken cybersecurity rating report: https://www.rankiteo.com/company/krakenfx

Galaxy cybersecurity rating report: https://www.rankiteo.com/company/galaxyhq

"id": "KRAGAL1776111934",
"linkid": "krakenfx, galaxyhq",
"type": "Breach",
"date": "2/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '2000 (0.02% of customer base)',
                        'industry': 'FinTech, Cryptocurrency',
                        'location': 'Wyoming, USA',
                        'name': 'Kraken',
                        'size': 'Large (global client base)',
                        'type': 'Cryptocurrency Exchange'}],
 'attack_vector': 'Insider Access',
 'customer_advisories': 'Affected users notified, reassurance on fund safety',
 'data_breach': {'data_exfiltration': 'Videos allegedly showing unauthorized '
                                      'access',
                 'file_types_exposed': 'Videos',
                 'number_of_records_exposed': 'Potentially 2000 accounts',
                 'personally_identifiable_information': 'Potentially exposed',
                 'sensitivity_of_data': 'High (client data)',
                 'type_of_data_compromised': 'Client data'},
 'date_detected': '2025-02',
 'description': 'Cryptocurrency exchange Kraken disclosed an extortion attempt '
                'by a criminal group threatening to release videos allegedly '
                'showing unauthorized access to internal systems containing '
                'client data. The Wyoming-based firm confirmed two separate '
                'incidents in 2025 involving rogue employees within its '
                'support team, both of which were swiftly contained.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'insider incidents',
            'data_compromised': 'Client data potentially exposed',
            'identity_theft_risk': 'Potential risk for affected clients',
            'operational_impact': 'Additional security controls implemented, '
                                  'user notifications',
            'systems_affected': 'Internal systems (support team access)'},
 'investigation_status': 'Ongoing (collaboration with law enforcement and '
                         'industry partners)',
 'lessons_learned': 'Persistent security challenges in the crypto industry due '
                    'to high-value assets and human vulnerabilities. Insider '
                    'threats require robust monitoring and access controls.',
 'motivation': 'Extortion, Financial Gain',
 'post_incident_analysis': {'corrective_actions': 'Access revocation, '
                                                  'additional security '
                                                  'controls, user '
                                                  'notifications, law '
                                                  'enforcement collaboration',
                            'root_causes': 'Insider recruitment, unauthorized '
                                           'access by rogue employees'},
 'recommendations': 'Enhance insider threat detection, implement stricter '
                    'access controls, and collaborate with industry partners '
                    'to combat insider recruitment campaigns.',
 'references': [{'source': 'Kraken Public Disclosure'}],
 'response': {'communication_strategy': 'Public disclosure, emphasis on client '
                                        'fund security',
              'containment_measures': 'Access revoked, additional security '
                                      'controls implemented',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes',
              'remediation_measures': 'User notifications, collaboration with '
                                      'law enforcement'},
 'stakeholder_advisories': 'Clients notified, emphasis on fund security',
 'threat_actor': 'Criminal Group',
 'title': 'Kraken Faces Extortion Attempt After Insider Security Incidents',
 'type': 'Insider Threat, Extortion',
 'vulnerability_exploited': 'Human Vulnerability (Insider Recruitment)'}