Crypto Exchange Kraken Faces Fraud Attempt After Intrusion Incidents Involving Support Staff
Crypto exchange Kraken has disclosed two security incidents related to an insider involving support staff access to limited customer data, followed by a fraud attempt by a criminal group, according to the company’s statement and comments from its chief security officer.
The company said no systems were breached and no customer funds were at risk in either case. Both incidents involved improper access to internal support tools rather than core trading infrastructure, and access was revoked once identified.
Kraken Chief Security Officer Nick Percoco said the company is dealing with demands from attackers who claim they have videos showing internal systems containing customer data. The group threatened to release the material unless the Kraken complied.
“Our systems have never been compromised; funds have never been compromised; we will not pay these criminals,” Percoco said in a public statement, adding that the company would not negotiate with the actors involved.
Kraken said about 2,000 customer accounts were viewed in both incidents, representing about 0.02% of its global users. Affected users have been notified, and the company said the information disclosed was limited to supporting data rather than sensitive financial controls.
Multiple security breaches at Kraken
The first incident dates back to February 2025, when the company receives a tip about a video circulating at a crime scene. An internal investigation identified a support team member as the source of access. Kraken said it revoked permissions, conducted an update, and implemented additional safeguards.
The second incident came later after another tip referred to the same items tied to a different person. Kraken said it also identified the source, cut off access, and notified affected users while strengthening internal controls.
The situation escalated after the recent access ban, when a video surveillance group issued extortion demands. Kraken said the attackers threatened to distribute the content to media outlets and social media.
The change said it is working with law enforcement in many areas and believes there is enough evidence to identify and track those involved. The company also pointed to extensive internal recruiting efforts targeting firms across crypto, gaming, and telecommunications.
Security experts have warned that insider threats remain a constant threat in digital asset markets, where support roles often need to be seen on user accounts to resolve issues. Although such access is limited, it can be a target for coercion or exploitation.
Kraken said it continues to review internal procedures, strengthen monitoring systems, and limit access rights to minimize exposure. The company emphasized that its core infrastructure remains secure in both incidents.
The case comes as the industry faces ongoing security challenges associated with external attacks and internal vulnerabilities. The combination of high-value assets and global reach has made crypto platforms a common target for coordinated campaigns.
In a separate disclosure, Galaxy Digital reported a cyber security incident involving unauthorized access to an isolated development site. The company, founded by Mike Novogratz, said no customer data or money was affected.
Kraken said he will continue to work with investigators and industry partners as the case progresses. The company framed these incidents as incidents while warning of a broader pattern of insider-focused threats facing tech firms.
