Kraken Hit With Extortion Threat After Insider Data Incidents

Crypto exchange Kraken says it is facing an extortion attempt following two insider-related security incidents involving limited client support data. The company emphasized that its systems were never breached and no customer funds were at risk.

According to Kraken Chief Security Officer Nick Percoco, “our systems were never breached; funds were never at risk,” adding that the company “will not pay these criminals” or negotiate with attackers.

Insider Access, Not a Hack

Kraken identified two separate cases, one in February 2025 and another more recent, where internal support staff improperly accessed sensitive customer support systems. In both instances, the individuals were quickly identified, their access was revoked, and affected users were notified.

The company estimates that approximately 2,000 accounts were potentially viewed across both incidents, representing just 0.02% of its total user base.

Extortion Attempt Follows Investigation

After the insider access was shut down, Kraken says a criminal group issued extortion demands, threatening to release videos allegedly showing internal systems and client data. The exchange refused to comply and is now working with federal law enforcement across multiple jurisdictions.

Kraken also noted that it has gathered sufficient intelligence to support the identification and potential arrest of those involved.

Growing Threat: Insider Recruitment

The incident highlights a broader cybersecurity trend: attackers targeting employees rather than systems. Kraken says it has been working with industry partners to disrupt insider recruitment efforts across crypto, gaming, and telecommunications sectors.

This shift underscores a key vulnerability in centralized platforms, where internal access can become a critical point of failure.

Why Self-Custody Matters

The situation reinforces the importance of self-custody in Bitcoin security. Holding assets on exchanges exposes users to operational and insider risks, even when core systems remain secure.

Companies like Casa offer Bitcoin self-custody solutions designed to eliminate single points of failure. Casa’s multi-key security model gives users direct control over their Bitcoin, reducing reliance on exchanges and custodians.

As insider threats become more sophisticated, the case for self-custody continues to strengthen: if you control the keys, you control your Bitcoin.