'We are currently being extorted' — crypto giant Kraken says it is facing extortion attack, here's what we know

News
By published

The identity of the Kraken attackers isn't yet known

Bitcoin
(Image credit: Shutterstock)
  • Kraken faces extortion after insiders leaked support system videos
  • Around 2,000 client accounts potentially viewed, no breach of funds
  • Company refuses to pay, investigation underway to identify culprits

One of the biggest cryptocurrency exchanges - Kraken - is facing an extortion demand, after malicious insiders recorded a video of its client support systems.

Kraken’s Chief Security Officer, Nick Percoco, shared an announcement on X, describing the incident and saying what the company’s plans are.

“We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands,” he begins. “It’s important to start with the most important points: our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors.”

Article continues below

Identifying the attackers

As Percoco explained, in February 2025, the company was made aware of a video circulating on the dark web, showing access to Kraken’s client support system. The video was traced back to a malicious insider - a member of the company’s support team. Kraken revoked their access and placed additional security controls.

However, soon after the first one - a new video emerged showing similar activity. Again, a malicious insider was blamed.

“Across both incidents, only a very small number of client accounts were potentially viewed - approximately 2,000 in total (0.02% of clients).” Percoco stressed.

Soon after the crooks lost access, Kraken received extortion demands. The attackers threatened to distribute the materials from these two incidents to both traditional media, and social media, unless a payment is made. Percoco did not say if the actors belong to a known criminal group, and did not say how much money they were asking for. Kraken isn’t paying anyhow.

A criminal investigation is underway, the company added, saying that there is enough evidence to identify and arrest the responsible individuals.

These days, malicious insiders are as big of a risk as external threats. Cryptocurrency exchanges are often targeted, and even the biggest names aren’t immune. Coinbase, Kraken, Binance - these are just some of the names that have had to tackle a malicious insider.

North Korean state-sponsored threat actors Lazarus are known to target crypto exchanges through fake employees, in a campaign called Operation DreamJob. However, Lazarus rarely goes for extortion, and would rather just steal the coins themselves.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.