Kraken's Inside Job: Rogue Support Staff Leak 2K Clients' Data, Extortionists Now Crying for Attention Instead of Sats

Kraken is currently navigating through a rather inconvenient situation after discovering that some of its support staff decided to explore their entrepreneurial side by leaking client data. The exchange's Chief Security Officer Nick Percoco dropped this little bombshell on X, revealing that the company caught wind of two separate incidents where employees decided that "improper access" was just a fancy term for "employee benefits."

The first breach went down in February 2025, when a concerned tipster apparently couldn't resist alerting Kraken about footage of sensitive data doing the rounds on criminal forums. The company swiftly revoked the staff member's access and slapped on some additional security controls. But because crypto drama never comes alone, Kraken recently stumbled upon yet another breach involving a different employee who apparently missed the memo about fiduciary duty.

Shortly after uncovering the second incident, Kraken found itself on the receiving end of some classic extortion attempts. "The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply. We will not pay these criminals," Percoco clarified, apparently unaware that negotiating with bad actors is generally considered poor form in the Web3 social contract.

The leaked data ended up affecting approximately 2,000 clients in total, which sounds terrifying until you do the math and realize that's just 0.02% of Kraken's customer base. For context, you have a better chance of finding a functioning USB-C cable in a crypto office than being part of this particular club. All impacted users have apparently received the lovely notification email nobody wants to open.

Kraken is currently playing nice with federal law enforcement across multiple jurisdictions, working overtime to identify and arrest the culprits. The company made it crystal clear that it won't be negotiating with these digital desperados, choosing transparency over the classic corporate hush-money playbook.

The stolen data reportedly surfaced for sale earlier this year on Russian-speaking criminal forums, where vendors were apparently marketing login credentials that provided read-only access to KYC documentation, transaction histories, and support tickets. Because apparently, support ticket histories are the new black market commodity. Who knew your complaint about missing transaction confirmations held such value?

For those keeping score at home, this isn't even the first crypto exchange to experience this particular flavor of workplace betrayal in 2025. Coinbase also found itself in hot water this year when cybercriminals apparently discovered that bribery works just as well on customer service representatives as it does on politicians. The Coinbase incident involved staff being brib