Crypto exchange Kraken is facing an extortion attempt from a criminal group that is threatening to release videos purportedly showing access to internal systems containing customer data, the company announced Monday.
The Wyoming-based company said it identified and closed two cases of inappropriate access related to individuals within its support team, each involving limited customer data.
“Our systems have never been hacked; funds have never been at risk; we will not pay these criminals; we will never trade with bad actors,” Nick Percoco, Payward and Kraken’s chief security and information officer, said in an article on X.
The first incident occurred in February 2025, when Kraken received a tip about a video circulating on a criminal forum. An internal investigation identified the person involved, revoked their access and led to additional security checks. A limited number of affected customers have been informed.
More recently, Kraken received another tip and a similar video. The company said it has again identified the person responsible, terminated their access and informed affected users.
Security incidents remain a persistent problem in crypto, as the sector combines high-value, easily transferable assets with technical and human vulnerabilities. Digital assets can instantly cross borders and are often irreversible once lost, making them attractive targets for malicious actors. At the same time, weaknesses in smart contracts, private key management, and exchange infrastructure can create exploitable entry points, while phishing and social engineering schemes continue to directly target users.
Recent crypto exploits have demonstrated increasing sophistication, with attackers combining smart contract vulnerabilities, social engineering and rapid movement of funds to maximize their impact.
In cases like the Drift exploit, adversaries appear to have used a deep understanding of protocol mechanisms and liquidity conditions to manipulate systems in ways that are difficult to detect in real time, highlighting how complex and rapidly evolving decentralized finance (DeFi) environments can create opportunities for advanced attacks.
Kraken is a United States-based cryptocurrency exchange operated by Payward Inc., offering spot and derivatives trading, as well as digital asset custody and staking services. Founded in 2011, the platform serves retail and institutional clients around the world, providing access to cryptocurrencies such as bitcoin and ether (ETH), as well as fiat on- and off-ramps. The company is also known for its emphasis on security and regulatory compliance across multiple jurisdictions.
During the two incidents, approximately 2,000 customer accounts were potentially accessed, according to the company. Kraken has millions of customers and the security events have only affected 0.02% of its customer base, a person with knowledge of the matter told CoinDesk.
Kraken said it began receiving extortion demands shortly after the latest access was disrupted, with the group threatening to distribute materials relating to the two incidents to media outlets and on social media. The company said it would not comply.
The exchange added that it was working with industry and law enforcement partners to investigate what it described as broader insider recruitment efforts targeting crypto, gaming and telecommunications companies. It believes there is enough evidence to identify and arrest those responsible.
“The security of our customers is our top priority, and we remain fully committed to combating the growing global threat of internal recruitment and constantly improving our security practices to combat new threats,” Percoco added.
Galaxy Digital (GLXY), the digital asset financial services company founded by Mike Novogratz, said it recently contained a cybersecurity incident involving unauthorized access to an isolated development workspace. No customer funds or account data were accessed or put at risk.




