The Anatomy of the Insider Incident

The situation stems from two separate incidents involving “malicious insiders” within Kraken’s customer support department. In early 2025, the company was alerted to a video circulating on the dark web that showcased unauthorized access to internal support tools.

An immediate forensic investigation traced the activity back to a specific employee, whose access was promptly revoked.

More recently, a second, similar video surfaced, prompting another round of internal purges. Kraken’s Chief Security Officer, Nick Percoco, revealed that these individuals had recorded their screens to document their access to support interfaces.

While the footage appears alarming, the exchange emphasized that this was not a systemic hack or a breach of their underlying blockchain architecture.

Minimal Impact on Global User Base

Despite the high-profile nature of the extortion attempt, the actual data exposure remains remarkably narrow. Kraken reports that approximately 2,000 accounts, representing just 0.02% of its total global clientele, were potentially viewed during these lapses.

The exchange has already reached out to the affected individuals to provide guidance and ensure their account security is reinforced.

Crucially, the support systems in question do not grant access to private keys or direct fund transfers. Consequently, the company has maintained a consistent message: at no point were client assets at risk of theft.

A Defiant Refusal to Negotiate

The extortionists, whose identities have not been disclosed, threatened to leak the recorded footage to mainstream media and social platforms unless a ransom was paid.

Kraken has flatly refused to engage.

Percoco took to social media to reiterate the company’s policy, stating that they will never negotiate with or pay criminals, as doing so only incentivizes future attacks on the broader industry.

This incident highlights a growing trend of insider recruitment, where criminal groups target employees at tech and finance firms to gain a foothold from within.

Kraken is currently collaborating with law enforcement and industry partners to track the perpetrators, noting that they have already gathered substantial evidence to aid in potential arrests.

The Broader Threat to Digital Finance

The attempt on Kraken coincides with a similar report from Galaxy Digital, which recently managed a security event involving an isolated development environment. Together, these events underscore the evolving nature of cyber threats in the crypto space.

While external hacks often dominate headlines, the human element—specifically the exploitation of internal staff—is becoming a primary battleground for security teams.

By choosing transparency over a quiet payoff, Kraken aims to set a precedent for how major platforms handle bad actors. For now, the exchange continues to operate normally, having implemented stricter internal controls to prevent similar insider exploitation in the future.