CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Kraken cryptocurrency exchange targeted in insider-facilitated extortion attempt

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A cybercrime group attempted to extort Kraken, a major U.S.-based cryptocurrency exchange, by threatening to release videos of internal systems containing client data if demands were not met. The threat actor leveraged an insider threat, recruiting two support employees to improperly access limited customer data. Kraken confirmed no client funds were at risk and stated it will not negotiate with the extortionists. The incidents, first detected via a tip in February 2025 and later confirmed in a second video, affected approximately 2,000 accounts (0.02% of the user base), with exposure limited to client support data. Kraken has revoked unauthorized access, notified affected users, and is collaborating with law enforcement to pursue legal action against the involved individuals.

Timeline

  1. 15.04.2026 00:58 1 articles · 2h ago

    Insider-facilitated extortion attempt against Kraken cryptocurrency exchange disclosed

    Kraken disclosed an extortion attempt by a cybercrime group after discovering videos demonstrating insider access to client support systems. The threat actor recruited two support employees to improperly access limited customer data, affecting approximately 2,000 accounts (0.02% of the user base). Kraken revoked unauthorized access, notified affected users, and is pursuing legal action with federal law enforcement.

    Show sources
    Open in new tab

Information Snippets

  • Kraken, a U.S.-based cryptocurrency exchange with millions of users and a daily trading volume of hundreds of millions of USD, was extorted by a cybercrime group threatening to release videos of internal systems with client data.

    First reported: 15.04.2026 00:58
    1 source, 1 article
    Show sources

  • The extortion attempt involved an insider threat, with two support employees recruited by the threat actor to improperly access limited customer data.

    First reported: 15.04.2026 00:58
    1 source, 1 article
    Show sources

  • Kraken confirmed no client funds were at risk and stated it will not pay or negotiate with the extortionists.

    First reported: 15.04.2026 00:58
    1 source, 1 article
    Show sources

  • The first video demonstrating access to Kraken’s client support systems was discovered via a tip from a trusted source in February 2025, leading to an investigation that uncovered the first insider.

    First reported: 15.04.2026 00:58
    1 source, 1 article
    Show sources

  • A second, more recent video showing insider access prompted further investigation, with both employees’ access revoked and controls strengthened.

    First reported: 15.04.2026 00:58
    1 source, 1 article
    Show sources

  • The incident affected approximately 2,000 accounts (0.02% of Kraken’s user base), with exposed information limited to client support data.

    First reported: 15.04.2026 00:58
    1 source, 1 article
    Show sources

  • Kraken is collaborating with federal law enforcement across multiple jurisdictions to pursue legal action against the individuals involved in the extortion attempt.

    First reported: 15.04.2026 00:58
    1 source, 1 article
    Show sources