Criminal Group Threatens to Release Internal System Videos
Cryptocurrency exchange Kraken has gone public with an ongoing extortion attempt in which a cybercriminal group is threatening to release footage of the company's internal systems — footage that reportedly shows client data — unless their demands are met. The announcement was made by Kraken's Chief Security Officer, Nick Percoco, who was unequivocal in stating that the company refuses to engage with the attackers.
"We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands. It's important to start with the most important points: our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors."
Percoco emphasized that at no point were client funds placed in jeopardy, and the root cause of the incident was not an external system compromise but rather an insider threat — specifically, two separate instances in which support employees improperly accessed limited customer data.
About Kraken
Kraken is a U.S.-based cryptocurrency exchange that serves millions of users across 190 countries, offering the ability to buy, sell, and trade digital assets including Bitcoin, Ethereum, and more than 200 other cryptocurrencies. The platform is widely regarded as one of the largest and most established exchanges globally, routinely recording daily trading volumes in the hundreds of millions of U.S. dollars.
How the Incidents Unfolded
The first incident dates back to February 2025, when Kraken received a tip from a trusted source indicating that cybercriminals were circulating a video that appeared to demonstrate access to the exchange's client support systems. Acting on that information, Kraken launched an internal investigation and uncovered that a support employee had been recruited by the threat actor.
More recently, the company received a second tip describing a newer video that similarly showed insider access to its systems. In both cases, Kraken responded swiftly by revoking the relevant employee's access, opening formal investigations, and reinforcing its internal security controls. Where user exposure was identified, the company reached out directly to the affected individuals.
Scope of User Impact
Despite the seriousness of the extortion attempt, the actual number of users whose data was exposed remains relatively limited. According to Percoco, the incidents affect approximately 2,000 accounts, which represents just 0.02% of Kraken's total user base. The information that was accessed is described as being confined to client support data, with no indication that more sensitive financial or authentication data was compromised.
Legal Action and Law Enforcement Cooperation
Kraken has stated that its investigation has produced sufficient evidence to pursue legal prosecution against all individuals involved in the blackmail scheme. The company is actively cooperating with federal law enforcement across multiple jurisdictions as it moves toward that goal. Kraken's firm stance — no payment, no negotiation — mirrors widely recommended best practices for dealing with extortion-based threats.
A Growing Threat Across the Crypto Industry
The incidents at Kraken are not isolated examples. Insider threats and the deliberate recruitment of employees to facilitate unauthorized data access have become a recurring and serious problem across numerous industries, with the cryptocurrency sector proving to be a particularly attractive target for such schemes.
In mid-2025, it was revealed that another major American cryptocurrency exchange, Coinbase, had experienced a significant data breach after hackers bribed employees at an India-based customer support agency. Those bribed employees provided the attackers with private client support information. The Coinbase breach impacted 70,000 customers, and the company estimated total financial damages at $400 million.
Key Takeaways
- Kraken is under active extortion from a criminal group threatening to release videos of internal systems showing client data.
- Two support employees were recruited by threat actors and improperly accessed limited customer data on separate occasions.
- Approximately 2,000 accounts — or 0.02% of the user base — were affected, with exposure limited to client support data.
- No client funds were at risk, and Kraken's core systems were not breached.
- Kraken is working with federal law enforcement across multiple jurisdictions and has pledged not to pay or negotiate with the attackers.
- The incident mirrors a broader trend of insider recruitment attacks in the crypto industry, as seen in the Coinbase breach that resulted in an estimated $400 million in damages.
As the cryptocurrency industry continues to grow, so too does its appeal to threat actors willing to exploit human vulnerabilities rather than technical ones. The Kraken incident serves as a stark reminder that even robust technical defenses can be undermined when malicious actors target employees directly.
Source: BleepingComputer