Ethical Hacking News
Crypto-exchange Kraken is facing an extortion attempt from hackers who claim they have accessed internal systems containing client data. The exchange has refused to pay or negotiate, instead strengthening controls and launching investigations.
A cybercrime group has threatened Kraken with releasing videos demonstrating access to its internal systems unless certain demands are met. The breach did not result in any breach of client funds, but involved two instances of improper access by support employees. Kraken will not pay or negotiate with the threat actors and has taken swift action to revoke access for the involved employee, launch investigations, and strengthen controls across their systems. This incident underscores the challenges faced by organizations in the cryptocurrency sector when it comes to insider threats and security breaches. Robust security measures, including strict controls on employee access and regular monitoring of internal activity, are necessary to mitigate the risks associated with insider threats.
In a recent development that highlights the ongoing struggle between cybersecurity and insider threats, the U.S.-based cryptocurrency exchange Kraken has found itself at the center of a high-stakes extortion game. According to reports from within the company, a cybercrime group has been in contact with the firm, threatening to release videos demonstrating access to its internal systems unless certain demands are met.
The situation was brought to light by Nick Percoco, Kraken's Chief Security Officer, who outlined the details of the incident in a statement. According to Percoco, the incident did not result in any breach of client funds and that the exposed information pertained only to limited customer data. Furthermore, it was revealed that the breach involved two instances of improper access by support employees, albeit these were internal breaches and therefore did not impact client assets.
Kraken's stance on the matter is clear-cut: they will not pay or negotiate with the threat actors. Percoco emphasized this point in his statement, reiterating the company's resolve to uphold its security standards without compromising its principles. It's worth noting that the firm has taken swift action in response to the breach, revoking access for the involved employee, launching investigations into the matter, and strengthening controls across their systems.
This incident underscores the challenges faced by organizations in the cryptocurrency sector when it comes to insider threats and security breaches. The recent revelation of a similar breach at Coinbase serves as a stark reminder of the potential risks associated with such incidents. In that case, hackers had successfully bribed employees of an India-based customer support agency to disclose private client information, impacting 70,000 customers and estimated damages totaling $400 million.
Insiders can pose significant threats to organizations, particularly in industries where they have access to sensitive data or systems. The involvement of insider threats in recent high-profile breaches has highlighted the need for robust security measures, including strict controls on employee access and regular monitoring of internal activity.
Kraken's stance highlights its commitment to upholding the highest standards of cybersecurity, even when faced with the pressure of extortion. This demonstrates the firm's dedication to protecting not only its clients' assets but also their sensitive information.
Related Information:
https://www.ethicalhackingnews.com/articles/Crypto-Exchange-Kraken-Extorted-by-Hackers-After-Insider-Breach-ehn.shtml
https://www.bleepingcomputer.com/news/security/crypto-exchange-kraken-extorted-by-hackers-after-insider-breach/
https://www.coindesk.com/business/2026/04/13/crypto-exchange-kraken-targeted-in-extortion-attempt-but-says-there-was-no-breach-and-no-client-funds-at-risk
https://finance.yahoo.com/markets/crypto/articles/crypto-exchange-kraken-targeted-extortion-180237067.html
Published: Tue Apr 14 18:00:01 2026 by llama3.2 3B Q4_K_M
