Kraken Refuses Ransom After Insider Extortion Threat Targets 2,000 Accounts
Key Takeaways
- Two insider-related incidents involving Kraken staff with unauthorized access affected about 2,000 accounts.
- Kraken reports no breach and no client funds at risk; extortionists threaten to leak videos.
- Kraken will not pay extortion demands and is cooperating with law enforcement.
Kraken Extortion
Kraken is facing an extortion attempt by a criminal group threatening to release videos showing access to internal systems containing client data.
“Crypto exchange Kraken targeted in extortion attempt but says there was no breach and no client funds at risk The firm said a criminal group is attempting to extort it over limited insider-related data access incidents affecting about 2,000 accounts”
The company identified and shut down two instances of inappropriate access tied to individuals within its support team.
Approximately 2,000 accounts were affected, about 0.02% of its client base.
Chief Security Officer Nick Percoco said, Our systems were never breached; funds were never at risk; we will not pay these criminals.
Kraken has been working with industry partners and law enforcement to investigate broader insider recruitment efforts.
Insider Access
The extortion attempt stemmed from improper access by individuals linked to Kraken's customer service operation.
The accessed data was limited to client support information, far removed from core infrastructure.
Kraken notified all potentially affected clients and revoked access for the individuals involved.
Percoco described the attack as part of a rising pattern of internal infiltration + social engineering.
Human vulnerabilities remain a persistent risk in crypto despite technical safeguards.
Response and Consequences
Kraken refused to pay the ransom and escalated the matter to law enforcement.
“Crypto exchange Kraken is facing an extortion attempt from a criminal group threatening to release videos purportedly showing access to internal systems containing client data”
The exchange believes it has sufficient evidence to identify and arrest those responsible.
The incident affected roughly 0.02% of Kraken's 13 million registered users.
No customer funds were ever at risk and core infrastructure remained secure.
Kraken's response represents a mature approach to inevitable security challenges.
More on Crypto
RaveDAO's RAVE Token Surges 4,500% in Seven Days Fueled by Short Squeeze
11 sources compared
SEC Exempts Certain Crypto Wallet Interfaces From Broker Registration Requirements
12 sources compared
Bitcoin Surges Past $73,000 as US Inflation Hits Highest Annual Increase Since May
12 sources compared
Iran Blocks Strait of Hormuz, Demands Israel Cease Attacks Before Talks
24 sources compared