Cryptocurrency exchange Kraken reports it has encountered a blackmail attempt by hackers following a series of insider incidents. The attackers are threatening to publish video recordings of the company's internal systems, allegedly revealing client data.
Kraken's Chief Information Security Officer (CSO), Nick Percoco, stated on social media that this was not an external hack: Kraken's infrastructure was not compromised, and user funds were not affected. The incident was caused by unauthorized access by customer support staff to a limited set of data.
The company first received warning signs of a potential problem in February 2025, when a trusted source alerted Kraken representatives to a video circulating in the cybercriminal community, demonstrating access to customer support systems. An investigation later revealed that one of the support staff had indeed been recruited by hackers.
Later, information emerged about a second, more recent, similar incident. In both cases, Kraken promptly blocked the compromised employees' access, launched internal investigations, and strengthened controls. Users whose data may have been affected by the breach were notified.
These issues reportedly affected approximately 2,000 accounts (0.02% of Kraken's total customer base). According to the company, the compromise was limited to information from the support system and did not affect users' financial assets.
Exchange representatives emphasize that they have collected sufficient data and evidence to prosecute those involved in the blackmail and are already cooperating with federal law enforcement agencies in several jurisdictions.
It's worth noting that insider threats and employee bribery are becoming increasingly common, especially in the crypto industry. Human error remains one of the main risks to data security.
For example, in 2025, the Coinbase exchange reported a data breach involving 70,000 users. This incident was linked to bribery of outsourced call center employees (who were later arrested ). At the time, the damage caused by the attackers' actions was estimated at $400 million.
Kraken's Chief Information Security Officer (CSO), Nick Percoco, stated on social media that this was not an external hack: Kraken's infrastructure was not compromised, and user funds were not affected. The incident was caused by unauthorized access by customer support staff to a limited set of data.
| "We are currently being blackmailed by a criminal group, threatening to release video recordings of our internal systems containing customer data unless we comply with their demands," Percoco stated. "It's important to understand that our systems have not been hacked, and no customer funds have been harmed. We have no intention of paying the criminals and will never negotiate with them." |
Later, information emerged about a second, more recent, similar incident. In both cases, Kraken promptly blocked the compromised employees' access, launched internal investigations, and strengthened controls. Users whose data may have been affected by the breach were notified.
These issues reportedly affected approximately 2,000 accounts (0.02% of Kraken's total customer base). According to the company, the compromise was limited to information from the support system and did not affect users' financial assets.
Exchange representatives emphasize that they have collected sufficient data and evidence to prosecute those involved in the blackmail and are already cooperating with federal law enforcement agencies in several jurisdictions.
It's worth noting that insider threats and employee bribery are becoming increasingly common, especially in the crypto industry. Human error remains one of the main risks to data security.
For example, in 2025, the Coinbase exchange reported a data breach involving 70,000 users. This incident was linked to bribery of outsourced call center employees (who were later arrested ). At the time, the damage caused by the attackers' actions was estimated at $400 million.