Cryptocurrency exchange Kraken has announced that two former employees of its internal support team are facing a blackmail attempt by a criminal group after they were found to have improperly accessed limited customer information. The group in question threatened to publish videos that it claimed belonged to internal systems.
Internal access and rapid response
Kraken, headquartered in the US state of Wyoming, quickly terminated access to the individuals involved in both cases. Following the incidents, the company implemented new security controls and sent warning notifications to affected customer accounts.
The first incident came to light in February 2025, with a video tip circulating on the crime forum. As a result of the investigation, the relevant team member’s access was revoked; Additionally, security levels have been increased.
The second similar incident occurred recently. Kraken notified potential victims while removing access associated with the re-identified person.
In total, approximately 2,000 customer accounts were potentially viewed, according to the company. Considering that Kraken has millions of customers, this number corresponds to only 0.02 percent of all users.
Nick Percoco, head of the security team, stated that the systems were never completely compromised and the funds were in no way compromised. It was emphasized that the company would not pay the criminals and refused to negotiate.
“Our systems were never breached; funds were never at risk; we will not pay these criminals and will never sit at the bargaining table with malicious individuals,” the company’s stance was revealed.
Increasing diversity of attacks in the industry
Attackers continue to target crypto platforms because high-value transfers can occur instantaneously in the digital asset ecosystem and transactions are often irreversible.
Vulnerabilities in smart contracts, weaknesses in private key management and the technical infrastructure of exchanges create points that cyber attackers can exploit. In addition, fraud attempts against users using social engineering methods remain on the agenda.
As in the recent incident on the Drift platform, attackers manage to manipulate systems by combining advanced techniques that master the mechanical details and liquidity conditions of the protocol. Such scenarios point to how complex and rapid attacks can be in decentralized finance ecosystems.
Kraken also announced that after the data breach, the criminal group threatened to spread the materials in its possession through the press and social media. The company categorically rejects these demands.
According to the information provided by the company, the investigation determined that cybercriminals focused on internal recruitment efforts not only in the crypto field, but also in companies in the gaming and telecommunications sectors. In this context, Kraken is working with industry partners and security units and believes that the perpetrators can be identified.
In a separate development, Galaxy Digital, which operates in enterprise customer services, recently reported that it prevented unauthorized access to an isolated development environment. The company announced that customer data or funds are not in any danger.
