Kraken Tells Extortionists to Hold On: No Breach, No Funds Gone, No Deal

Kraken is currently dodging an extortion bullet from a criminal crew threatening to leak videos of internal systems access—because apparently someone's been trying to sell "exclusive footage" of client data to the highest bidder. One might expect a Michael Bay sequel, but apparently this drama is playing out in a support ticket queue somewhere.

The Wyoming-based exchange says it caught two of its own support team members peeking where they shouldn't, each time grabbing limited client info before getting the boot. "Our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors," said Nick Percoco, chief security and information officer at Payward and Kraken. In crypto terms, that's basically the digital equivalent of hanging up on a telemarketer mid-sentence.

February 2025 marked the first incident: a tip came in about a video floating on a criminal forum, internal investigators tracked down the culprit, revoked their access, tightened security, and notified the handful of affected clients. Fast forward to the more recent follow-up, and Kraken did the same song and dance—different person, same playbook, same swift termination. Apparently the sequel hit the same director.

Across both stunts, roughly 2,000 client accounts got an unwanted peek behind the curtain—about 0.02% of Kraken's millions of users, for those counting percentages while sipping morning coffee. It's the kind of stat that makes you feel either very unlucky or extremely average, depending on your worldview.

The plot thickens: shortly after cutting off the latest access, extortion demands started rolling in. The group threatened to dump materials from both incidents to media outlets and social media. Kraken's response? Hard pass. Apparently the exchange decided that paying ransom to people who already showed they can't be trusted is about as wise as sending your recovery phrase via email.

The exchange says it's working with industry partners and law enforcement to investigate what it describes as broader insider recruitment campaigns targeting crypto, gaming, and telecommunications companies. The team believes there's enough evidence to identify and arrest the masterminds. One can only hope the sequel writers don't get too creative with the storyline.

"The security of our clients is our highest priority, and we remain fully committed to combating the growing global threat of insider recruitment and constantly enhancing our security practices to combat new threats," Percoco added. Because when your threat model includes your own employees, "constantly enhancing" becomes less corporate buzzword and more survival strategy.

For context, crypto's ongoing security headache exists because the space pairs high-value, instantly transferable assets with plenty of human and technical weak points. Digital assets move fast across borders and don't come with refunds, making them attractive to those with less-than-legal intentions. It's basically a bank vault that moves at light speed and has a "steal from the teller" button installed by default.

Galaxy Digital also recently contained its own cybersecurity hiccup—unauthorized access to an isolated development workspace, with no client funds or account data affected. Because apparently even the good guys are getting reminded that security is a verb, not a noun.