- Kraken faces extortion after insiders leak support system videos
- Around 2,000 customer accounts potentially viewed, no funds breach
- The company refuses to pay and an investigation is underway to identify the culprits
One of the largest cryptocurrency exchanges, Kraken, is facing an extortion lawsuit, after malicious insiders recorded a video of its customer support systems.
Kraken Chief Security Officer Nick Percoco shared an announcement on X, describing the incident and saying what the company’s plans are.
“We are currently being extorted by a criminal group that threatens us with publishing videos of our internal systems with customer data if we do not comply with their demands,” he begins. “It’s important to start with the most important points: our systems were never breached; funds were never at risk; we will not pay these criminals; we will never negotiate with bad actors.”
Article continues below.
Identifying the attackers
As Percoco explained, in February 2025, the company became aware of a video circulating on the dark web showing access to Kraken’s customer support system. The video traces back to a malicious insider: a member of the company’s support team. Kraken revoked their access and put additional security controls in place.
However, shortly after the first, a new video appeared showing similar activity. Once again, a malicious informant was blamed.
“In both incidents, only a very small number of customer accounts were potentially seen: approximately 2,000 in total (0.02% of customers).” Percoco stressed.
Shortly after the criminals lost access, Kraken received extortion demands. The attackers threatened to distribute materials from these two incidents to both traditional media and social media unless payment was made. Percoco did not say whether the actors belong to any known criminal groups and did not say how much money they were asking for. Kraken doesn’t pay anyway.
A criminal investigation is underway, the company added, stating that there is sufficient evidence to identify and arrest those responsible.
Today, malicious internal users pose as big a risk as external threats. Cryptocurrency exchanges are often targeted, and even the biggest names are not immune. Coinbase, Kraken, Binance: these are just some of the names that had to face a malicious insider.
North Korean state-sponsored threat actors Lazarus are known to attack crypto exchanges through fake employees, in a campaign called Operation DreamJob. However, Lazarus rarely resorts to extortion, preferring to steal the coins himself.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
