Crypto exchange Kraken targeted in extortion attempt; says no breach and no funds at risk
Crypto exchange Kraken is facing an extortion attempt by a criminal group that threatens to release videos purportedly showing access to internal systems containing client data, the company said Monday.
The Wyoming-based firm said it identified and shut down two instances of inappropriate access tied to individuals within its support team, each involving limited client data.
“Our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors,” said Nick Percoco, chief security and information officer of Payward and Kraken, in a post on X.
The first incident came in February 2025, when Kraken received a tip about a video circulating on a criminal forum. An internal investigation identified the individual involved, revoked their access and led to additional security controls. A limited number of affected clients were notified.
More recently, Kraken received another tip and a similar video. The company said it again identified the individual responsible, terminated their access and notified affected users.
Security incidents remain a persistent issue in crypto because the industry combines high-value, easily transferable assets with technical and human vulnerabilities. Digital assets can be moved instantly across borders and are often irreversible once lost, making them attractive targets for malicious actors. At the same time, weaknesses in smart contracts, private key management and exchange infrastructure can create exploitable entry points, while phishing and social engineering schemes continue to target users directly.
Recent crypto exploits have shown increasing sophistication, with attackers combining smart contract vulnerabilities, social engineering and rapid fund movement to maximize impact.
In cases like the Drift exploit, adversaries appear to have used a deep understanding of protocol mechanics and liquidity conditions to manipulate systems in ways that are difficult to detect in real time, underscoring how complex and fast-moving decentralized finance (DeFi) environments can create opportunities for advanced attacks.
Kraken is a U.S.-based cryptocurrency exchange operated by Payward Inc., offering spot and derivatives trading, as well as custody and staking services for digital assets. Founded in 2011, the platform serves retail and institutional clients globally, providing access to cryptocurrencies such as bitcoin and ether (ETH), as well as fiat on- and off-ramps. The company is also known for its focus on security and regulatory compliance across multiple jurisdictions.
Across both incidents, approximately 2,000 client accounts were potentially viewed, according to the company. Kraken has millions of customers, and the security events affected only 0.02% of their client base, a person with knowledge of the matter told CoinDesk.
Kraken said it began receiving extortion demands shortly after the latest access was cut off, with the group threatening to distribute materials from both incidents to media outlets and on social media. The company said it will not comply.
The exchange added that it has been working with industry partners and law enforcement to investigate what it describes as broader insider recruitment efforts targeting crypto, gaming and telecommunications firms. It said it believes there is sufficient evidence to identify and arrest those responsible.
“The security of our clients is our highest priority, and we remain fully committed to combating the growing global threat of insider recruitment and constantly enhancing our security practices to combat new threats,” Percoco added.
Galaxy Digital (GLXY), the digital asset financial services firm founded by Mike Novogratz, said it also recently contained a cybersecurity incident involving unauthorized access to an isolated development workspace. No client funds or account data were accessed or at risk.
Read more: Galaxy Digital’s testnet suffers hack but no client funds or information were compromised
