Kraken refuses ransom after internal extortion attempt hits 2,000 accounts

Kraken has rebuffed a criminal extortion bid after improper internal access exposed data on about 2,000 accounts, but says there was no systemic breach and no risk to client funds.

Summary

  • Kraken says it is being extorted by a criminal group threatening to leak videos of internal system access but insists there was no systemic breach and no client funds at risk.
  • The exchange links the incident to improper access by people tied to its customer support team that touched data on about 2,000 accounts, roughly 0.02% of users.
  • Chief security officer Nick Percoco says Kraken has cut off access, notified affected users and is working with law enforcement as “internal infiltration + social engineering” attacks grow.

Cryptocurrency exchange Kraken says it is being blackmailed by a criminal organisation that claims to have videos showing access to the company’s internal systems, but has vowed not to pay any ransom and maintains that customer funds remain safe. In a statement cited by CoinDesk, the platform stressed there had been “no systemic breach” of its trading infrastructure or wallets, describing the incident as a targeted abuse of internal access rather than a successful hack of core systems.

Kraken said the episode stems from improper access by individuals linked to its customer service operation in two separate incidents, which together exposed limited data on around 2,000 accounts, or roughly 0.02% of its total user base. Those users have been notified, the exchange added, while the people involved have had their credentials revoked and been cut off from internal tools as Kraken tightens monitoring and access controls.

Chief security officer Nick Percoco, who has previously called a separate $3 million exploit of Kraken’s systems “not white hat hacking, it is extortion,” said the company is again treating the new threats as a criminal matter and is cooperating with law enforcement. He told reporters Kraken believes it has sufficient evidence “to identify and help arrest” those behind the latest extortion attempt and reiterated that the platform will not negotiate with actors trying to monetize internal access.

According to the company’s description, the attack reflects a rising pattern of “internal infiltration + social engineering,” in which outsiders work to compromise or recruit people inside service organisations in order to gain read‑only access, reconnaissance footage or limited customer data rather than directly attacking hardened wallet systems. Earlier this year, a dark‑web listing claiming $1 access to Kraken’s internal support panel and KYC data prompted similar concerns, though the exchange did not confirm a breach and security researchers warned that even read‑only access to support tools could be weaponised for phishing and targeted scams.
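The defensive counterpart to the pattern described above is monitoring of the support tooling itself: insider or recruited-insider access to a read-only support panel typically shows up in audit logs as record views with no corresponding ticket, or as bulk enumeration of customer records far above an agent's normal rate. The following is an added example, not Kraken's code or log format; the JSON-lines audit events, agent names, ticket assignments and thresholds are all constructed for illustration.

```python
"""Flag ticket-less and bulk customer-record access in support-console audit logs.

Added illustration: the log format, agent names, ticket table and thresholds
below are constructed for this example and are not Kraken's tooling or data.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed JSON-lines audit log from a hypothetical support console.
SAMPLE_LOG = """\
{"ts": "2024-05-01T10:00:05Z", "agent": "alice", "action": "view_customer", "customer": "c101", "ticket": "T-1"}
{"ts": "2024-05-01T10:04:11Z", "agent": "alice", "action": "view_customer", "customer": "c102", "ticket": "T-2"}
{"ts": "2024-05-01T10:20:42Z", "agent": "alice", "action": "view_customer", "customer": "c101", "ticket": "T-1"}
{"ts": "2024-05-01T11:00:00Z", "agent": "bob", "action": "view_customer", "customer": "c201", "ticket": null}
{"ts": "2024-05-01T11:00:03Z", "agent": "bob", "action": "view_customer", "customer": "c202", "ticket": null}
{"ts": "2024-05-01T11:00:06Z", "agent": "bob", "action": "view_customer", "customer": "c203", "ticket": null}
{"ts": "2024-05-01T11:00:09Z", "agent": "bob", "action": "view_customer", "customer": "c204", "ticket": null}
{"ts": "2024-05-01T11:00:12Z", "agent": "bob", "action": "view_customer", "customer": "c205", "ticket": null}
{"ts": "2024-05-01T11:00:15Z", "agent": "bob", "action": "view_customer", "customer": "c206", "ticket": null}
{"ts": "2024-05-01T12:30:00Z", "agent": "carol", "action": "view_customer", "customer": "c301", "ticket": "T-9"}
{"ts": "2024-05-01T12:31:00Z", "agent": "carol", "action": "view_customer", "customer": "c302", "ticket": null}
"""

# Constructed ticket table: customers each agent currently has an open ticket for.
OPEN_TICKETS = {
    "alice": {"c101", "c102"},
    "bob": set(),
    "carol": {"c301"},
}

MAX_DISTINCT_PER_WINDOW = 5        # distinct customers one agent may view per window
WINDOW = timedelta(minutes=15)     # sliding window for the bulk-access rule


def parse_log(text):
    """Parse JSON-lines audit events and return them sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def find_unjustified_views(events, open_tickets):
    """Record views where the agent has no open ticket for that customer.

    A legitimate support agent touches records tied to their own work queue;
    views outside it are the signature of snooping or data harvesting.
    """
    findings = []
    for e in events:
        if e["action"] != "view_customer":
            continue
        if e["customer"] not in open_tickets.get(e["agent"], set()):
            findings.append((e["agent"], e["customer"], e["ts"].isoformat()))
    return findings


def find_bulk_access(events, max_distinct=MAX_DISTINCT_PER_WINDOW, window=WINDOW):
    """Agents viewing more than max_distinct distinct customers inside any window.

    Returns {agent: peak distinct-customer count} for every agent over the limit.
    """
    per_agent = defaultdict(list)
    for e in events:
        if e["action"] == "view_customer":
            per_agent[e["agent"]].append(e)
    flagged = {}
    for agent, evs in per_agent.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits within `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            distinct = {x["customer"] for x in evs[start:end + 1]}
            if len(distinct) > max_distinct:
                flagged[agent] = max(flagged.get(agent, 0), len(distinct))
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for agent, customer, ts in find_unjustified_views(evs, OPEN_TICKETS):
        print(f"ticket-less view: {agent} -> {customer} at {ts}")
    for agent, count in find_bulk_access(evs).items():
        print(f"bulk access: {agent} viewed {count} distinct customers in one window")
```

Both rules are deliberately simple so that their output is explainable to a reviewer: the ticket-linkage rule needs no baseline at all, while the sliding-window rule catches enumeration even when each individual view looks ordinary. In a real deployment the ticket table would come from the ticketing system and the threshold from each agent's historical rate, and a hit would trigger a credential review rather than an automatic lockout.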

The new extortion attempt lands after a separate March incident in which a Kraken user reportedly lost about 7,784 ETH and 26.5 BTC — worth roughly $18.2 million — to a sophisticated social‑engineering scheme before the funds were moved to HitBTC, underscoring the spectrum of threats facing both platforms and customers. As blockchain analytics firm EmberCN and others have noted, even where exchange treasuries and hot wallets remain uncompromised, lapses in human controls — from customer‑support access to user opsec — can still translate into large losses and reputational damage.

For Kraken, the latest case is a stress test of its long‑promoted security culture, which includes mandatory two‑factor authentication, hardware‑key support and regular public messaging from Percoco on account‑protection best practices. For the wider industry, it is another reminder that in a market where a single compromised credential can dangle millions of dollars in front of attackers, the biggest risks often sit at the intersection of internal access, human error and old‑fashioned extortion — not just in zero‑day code.
