Kraken Faces Extortion After Support Staff Viewed 2,000 Accounts
Kraken says two support employees viewed about 2,000 accounts and extortionists threatened to publish internal videos; the exchange reports no systems or funds were breached.
Kraken disclosed an extortion attempt after two support staff members viewed roughly 2,000 client accounts and criminals threatened to release internal videos showing customer data. The company reported that no external breach occurred and that customer funds and trading systems were not affected.
The incidents were disclosed in mid-April and characterized by Kraken as insider events involving support‑team access rather than a hack. The firm immediately revoked the employees’ access, terminated the staff involved and sent notifications to the roughly 2,000 affected accounts, which Kraken says represents about 0.02% of its user base.
Kraken’s chief security officer, Nick Percoco, wrote that the exposure was confined to support systems and did not touch trading infrastructure or custody of client assets. He added, “We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands.” Percoco noted that the company’s security controls ensured funds remained secure.
According to Kraken, the extortionists demanded payment to withhold the material. The exchange declined to pay and is cooperating with federal law enforcement across multiple jurisdictions. Percoco wrote that the company has collected evidence it believes will help identify those responsible and that authorities are pursuing the matter.
Kraken described the incidents as part of a pattern in which criminals attempt to recruit or bribe customer support personnel at crypto and technology firms to obtain user data. The company said security teams across the sector have increased monitoring, tightened access controls and reviewed hiring and oversight practices in response.
Some users raised concerns about offshore support operations and whether staff location affects data risk. Kraken reiterated that technical access controls and monitoring are the primary safeguards and declined to comment further on hiring practices.
Kraken said it will continue its internal investigation, notify additional affected users if necessary and cooperate with law enforcement. The exchange repeated that no systems were penetrated by outside actors and that client funds remain safe.
Content on BlockPort is provided for informational purposes only and does not constitute financial guidance.
We strive to ensure the accuracy and relevance of the information we share, but we do not guarantee that all content is complete, error-free, or up to date. BlockPort disclaims any liability for losses, mistakes, or actions taken based on the material found on this site.
Always conduct your own research before making financial decisions and consider consulting with a licensed advisor.
For further details, please review our Terms of Use, Privacy Policy, and Disclaimer.
Articles by this author
