Kraken Exchange Targeted by Insider Extortion Attempt Over Data Breach

Severity: Medium (Score: 51.9)

Sources: Bleepingcomputer, Mexc, Bitbo, Bloomberg

Summary

Kraken, a prominent cryptocurrency exchange, is facing an extortion attempt from a criminal group claiming to have video evidence of unauthorized access to internal systems containing client data. The incidents are linked to two separate breaches involving former support team members, with the first breach occurring in February 2025 and the second more recently. Approximately 2,000 customer accounts were affected, representing a small fraction of Kraken's total user base. The exchange confirmed that no client funds were at risk and that they have implemented enhanced security measures following the breaches. Kraken's chief security officer stated that the company will not comply with the extortion demands and is cooperating with law enforcement to investigate the matter. The situation reflects a growing trend of insider threats within the cryptocurrency sector, which has seen increasing sophistication in cyber attacks. Kraken has notified affected customers and is tightening internal controls to prevent future incidents. Key Points: • Kraken is facing an extortion attempt related to insider data breaches. • Approximately 2,000 customer accounts were potentially affected, but funds remained secure. • Kraken has refused to pay the extortion demands and is working with law enforcement.

Key Entities

• Data Breach (attack_type)
• Coinbase (company)
• Galaxy Digital (company)
• Kraken (ransomware_group)
• Financial (industry)
• Telecommunications (industry)
• T1078 - Valid Accounts (mitre_attack)