Add TechGaged as your preferred source on Google

See more TechGaged stories across Google News and Discover.

Add

Kraken says it is facing an extortion attempt tied to insider misuse of internal systems, and not an external hack. The exchange confirmed that no funds were at risk and core infrastructure was never breached. Around 2,000 client accounts were potentially viewed, representing a tiny fraction of users.

Insider access misuse triggers extortion threat

According to the X post shared by Nick Percoco, the company’s chief security officer, on April 14, the issue stems from two separate incidents involving members of its support team. 

The first was identified in February 2025 after a tip revealed a video circulating on a criminal forum showing access to internal tools. Kraken says it quickly traced the activity to an employee. It revoked their access and notified affected users.

A second, similar case surfaced more recently, again flagged through external intelligence. Kraken says it acted immediately to terminate access and contain the situation. Across both cases, the exposure was limited to support data, not funds or core trading systems.

The company emphasized that these were cases of inappropriate internal access rather than a breach of its infrastructure. Still, the incidents highlight a growing risk vector in the crypto industry: insider targeting.

Kraken rejects demands and works with law enforcement

Following the shutdown of access, Kraken says it began receiving extortion demands. The group behind the attempt threatened to release videos and materials to media and social platforms unless the company complied. However, Kraken made its stance clear. It will not pay or negotiate.

The exchange says it is now working with law enforcement across multiple jurisdictions and believes there is enough evidence to identify and arrest those responsible. It has also been collaborating with industry partners to track broader insider recruitment campaigns targeting gaming and telecom firms as well.

For users, the takeaway is relatively contained but notable. Though the number of affected accounts is small and no funds were compromised, the incident shows how attackers are increasingly shifting from direct hacks to targeting employees as a way into sensitive systems.