Kraken Refuses Ransom After Insider Extortion Threat Targets 2,000 Accounts
Key Takeaways
- Two insider-related incidents involving Kraken staff with unauthorized access affected about 2,000 accounts.
- Kraken reports no breach and no client funds at risk; extortionists threaten to leak videos.
- Kraken will not pay extortion demands and is cooperating with law enforcement.
Kraken Extortion
Kraken is facing an extortion attempt by a criminal group threatening to release videos showing access to internal systems containing client data.
“Crypto exchange Kraken targeted in extortion attempt but says there was no breach and no client funds at risk The firm said a criminal group is attempting to extort it over limited insider-related data access incidents affecting about 2,000 accounts”
The company identified and shut down two instances of inappropriate access tied to individuals within its support team.
Approximately 2,000 accounts were affected, about 0.02% of its client base.
Chief Security Officer Nick Percoco said, Our systems were never breached; funds were never at risk; we will not pay these criminals.
Kraken has been working with industry partners and law enforcement to investigate broader insider recruitment efforts.
Insider Access
The extortion attempt stemmed from improper access by individuals linked to Kraken's customer service operation.
The accessed data was limited to client support information, far removed from core infrastructure.
Kraken notified all potentially affected clients and revoked access for the individuals involved.
Percoco described the attack as part of a rising pattern of internal infiltration + social engineering.
Human vulnerabilities remain a persistent risk in crypto despite technical safeguards.
Response and Consequences
Kraken refused to pay the ransom and escalated the matter to law enforcement.
“Crypto exchange Kraken is facing an extortion attempt from a criminal group threatening to release videos purportedly showing access to internal systems containing client data”
The exchange believes it has sufficient evidence to identify and arrest those responsible.
The incident affected roughly 0.02% of Kraken's 13 million registered users.
No customer funds were ever at risk and core infrastructure remained secure.
Kraken's response represents a mature approach to inevitable security challenges.
More on Crypto
Federal Reserve Opens 60-Day Comment Period for Limited-Purpose “Skinny” Payment Accounts
13 sources compared
Coinbase Launches Open-Source x402 Payments Protocol After Brooklyn Hackathon With 100 Engineers
11 sources compared
SEC Creates Crypto Task Force Led by Commissioner Hester Peirce Amid June Term Concerns
11 sources compared
Qivalis Adds 25 Banks, Bringing Euro Stablecoin Consortium to 37 Institutions Across 15 Countries
14 sources compared