Kraken, the US’s second-largest crypto exchange, has rejected extortion threats from a criminal group after two incidents of unauthorized access to limited client support data in the past year, reigniting investors’ concerns about insider threats.
Kraken Fights Back Extortion DemandsIn a security update, the CSO affirmed that Kraken had identified and shut down two instances of inappropriate access to limited client support data since 2025. Per the post, the crypto exchange received a tip about a video shared on a criminal forum. The video reportedly showed access to Kraken’s client support system.
The exchange “immediately launched an investigation and quickly identified the individual involved as a member of our support team,” Percoco explained, “Their access was revoked immediately, a full investigation was conducted, additional security controls were put in place and a limited number of affected clients were notified.”
More recently, they received another tip with a new video showing similar activity, prompting a new investigation to identify the parties involved, terminate their access, and notify the affected clients.
“Shortly after access was terminated, we began receiving extortion demands,” the security chief stated. “The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply.”
Kraken has now publicly rejected the criminal demands, declaring that they “will not pay these criminals” and “will not ever negotiate with bad actors.”
In the announcement, the exchange highlighted that it has been collaborating with industry partners and law enforcement to “investigate and disrupt insider recruitment efforts targeting not only crypto companies, but also gaming and telecommunications organizations.”
Crypto Community Raises Insider Access ConcernsCrypto investors and Kraken users online reacted to the news, questioning the exchange about the details of the two incidents and criticizing the exchange for offshoring customer support staff.
However, details of whether the inappropriate data access was from an in-house support team or an overseas third-party support staff have not been revealed yet.
This led to the leak of names, email addresses, limited transaction records, and partial Social Security numbers of around 1% of the exchange’s users. Then, the attackers attempted to blackmail Coinbase using the breached information, demanding a $20 million Bitcoin (BTC) ransom for the sensitive data.
