- Kraken faces extortion after insiders leak support system videos
- About 2,000 client accounts potentially seen, no breach of funds
- The company refuses to pay, investigation underway to identify the culprits
One of the largest cryptocurrency exchanges – Kraken – is facing an extortion claim after malicious insiders recorded a video of its client support systems.
Kraken’s Chief Security Officer, Nick Percoco, shared a message on X describing the incident and saying what the company’s plans are.
“We are currently being blackmailed by a criminal group who are threatening to release videos of our internal systems showing customer data if we do not comply with their demands,” he begins. “It’s important to start with the most important points: our systems were never breached; funds were never at risk; we will not pay these criminals; we will never negotiate with bad actors.”
The article continues below
Identification of the attackers
As Percoco explained, in February 2025, the company was made aware of a video circulating on the dark web that showed access to Kraken’s client support system. The video was traced back to a malicious insider – a member of the company’s support team. The Kraken revoked their access and placed additional security controls.
But soon after the first one – a new video appeared showing similar activity. Again, a malicious insider was blamed.
“Across both incidents, only a very small number of client accounts were potentially viewed – approximately 2,000 in total (0.02% of clients).” Percoco stressed.
Shortly after the villains lost access, Kraken received blackmail demands. The attackers threatened to distribute the materials from these two incidents to both traditional media and social media unless a payment was made. Percoco did not say whether the actors belong to a known criminal group and did not say how much money they were asking for. Kraken doesn’t pay anyway.
A criminal investigation is underway, the company added, saying there is enough evidence to identify and arrest those responsible.
These days, malicious insiders are as big a risk as external threats. Cryptocurrency exchanges are often targeted, and even the biggest names are not immune. Coinbase, Kraken, Binance – these are just some of the names that have had to deal with a malicious insider.
North Korean state-sponsored threat actors Lazarus are known to target crypto exchanges through fake employees in a campaign called Operation DreamJob. However, Lazarus rarely goes to blackmail, and would rather just steal the coins himself.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
