Kraken has found itself at the centre of an extortion attempt, but the crypto exchange insists there has been no breach of its systems and no risk to client funds.
The situation, while serious, appears to stem from insider misuse rather than an external cyberattack.
The company revealed that a criminal group recently tried to pressure it into paying a ransom.
In return, the attackers claimed they would withhold sensitive material, including internal recordings and limited user data.
Kraken refused to engage with the criminal group.
Insider access at the centre of the incident
According to the Chief Security Officer at Kraken, Nick Percoco, the issue traces back to internal support systems that were misused by a small number of people.
These systems are designed to help customer service teams resolve user issues.
While they do contain certain account-related information, they are far removed from the exchange’s core infrastructure.
This distinction matters, as it explains why the incident was contained and did not escalate into a broader security failure.
The misuse was discovered after suspicious material, including videos that appeared to show internal tools being accessed, began circulating online.
Once identified, Kraken acted quickly. Access was revoked, the individuals involved were removed, and an internal investigation was launched.
What followed was a familiar pattern in cybercrime. After losing access, the perpetrators shifted tactics. Instead of continuing to exploit the systems, they attempted to turn what they had already obtained into leverage.
Extortion attempt followed the swift response
With their access cut off, the attackers moved to extortion. They claimed to possess internal videos and fragments of user-related data, threatening to release them publicly unless a payment was made.
Kraken’s response was firm. The company declined to pay and instead escalated the matter to law enforcement. It also began working with partners across different jurisdictions to track down those responsible.
The exchange emphasised that it has gathered enough information to support investigations and potential arrests.
While extortion attempts are not uncommon in the digital space, this case stands out because of how it unfolded. The attackers did not breach the system through technical means. Instead, they relied on human access points, an approach that is becoming more frequent.
Limited impact, no risk to funds
Despite the headlines, the overall impact appears to be limited.
Kraken reported that around 2,000 accounts were potentially affected, representing a very small fraction of its user base.
The data involved was restricted to customer support interactions.
There is no indication that sensitive financial details, private keys, or trading systems were exposed.
Most importantly, client funds remained secure throughout the incident.
Affected users have been notified, and additional safeguards have been put in place.
Kraken has also reviewed its internal controls to reduce the likelihood of similar incidents in the future.
https://invezz.com/news/2026/04/13/kraken-hit-by-extortion-threat-2000-accounts-affected-but-no-breach-reported/
