Kraken Says Hackers Tried to Extort Exchange After Insider Access to Support Data

What happened

Kraken said a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that contain client data. The exchange said the incident did not involve a breach of its systems and did not put client funds at risk. According to Kraken Chief Security Officer Nick Percoco, the company identified two separate instances of improper access to limited customer data by support employees, describing the matter as an insider threat rather than an external network compromise. Kraken said it first began investigating after a trusted source in February 2025 warned that cybercriminals were circulating a video showing access to its client support systems. A more recent tip then pointed to another video showing insider access. In both cases, Kraken said it revoked employee access, launched investigations, and strengthened controls. 

Who is affected

Kraken said the incident affects about 2,000 accounts, or roughly 0.02% of its user base. The company said the exposed information for that subset was limited to client support data. Kraken also said it directly notified users where exposure was identified. 

Why CISOs should care

This incident matters because it shows how insider recruitment can create real exposure even when core systems are not technically breached. It also highlights the growing pressure on firms to defend not only against external compromise, but also against malicious recruitment or coercion of employees who already have authorized access to sensitive customer-facing systems. 

3 practical actions

1. Reassess insider-risk controls: Review monitoring, access scope, and escalation paths for support staff and other employees who can view sensitive customer data. 
2. Harden response to extortion claims: Make sure security, legal, and communications teams can move quickly when attackers threaten to publish internal videos or customer-related information. 
3. Treat employee recruitment as an attack path: Include coercion and criminal recruitment of insiders in threat models, especially for high-volume support and operations teams. 

For more news about intrusions and extortion attempts involving internal access, click Cyberattack to read more.