Leading cryptocurrency exchange Kraken has publicly disclosed a blackmail attempt linked to a past security incident involving a former employee. The exchange confirmed that an attacker, identified as a former member of its support team, is threatening to leak video evidence of unauthorized system access that recorded customer information.
The situation stems from two separate security events. The initial incident occurred in February 2024, with a more recent event prompting the current extortion attempt. Kraken's security team discovered that the individual allegedly maintained unauthorized access pathways after their employment ended.
Approximately 2,000 customer accounts experienced data exposure during these events. Importantly, Kraken emphasized that no system-wide hack occurred and customer funds remained completely secure. The breach was limited to data access, not financial theft.
Kraken has taken a firm stance, stating it will not comply with any financial extortion demands. The company is cooperating fully with law enforcement agencies to investigate the matter. Upon discovering the original breach, Kraken's internal investigation led to the identification of the individual involved, and all their system access privileges were immediately revoked. The exchange has since implemented enhanced security measures.
This incident highlights the persistent challenge of insider threats, which according to recent cybersecurity reports, represent about 34% of all data breaches across financial sectors. Affected Kraken customers have been notified and provided with guidance on protective steps, including password changes and enhanced account monitoring.
