A US-based cryptocurrency exchange, Kraken (not to be confused with the Kraken ransomware group), is fighting off a ransom demand from yet publicly unidentified hackers following two separate security incidents. These hackers are using stolen video recordings of internal customer management systems as leverage, but Kraken, run by Payward Inc., has stated clearly that it will not negotiate or pay the attackers.
What Happened
In February 2025, Kraken started an internal investigation after being tipped about a video circulating on a criminal forum. Security teams found that the person behind it was a member of the exchange’s own support staff. While the company blocked their access and added new security controls, the risk didn’t end there.
Recently, a second incident occurred involving a similar video, and Kraken’s investigation revealed another case of a support team member using their access wrongly. In total, hackers may have viewed the data of about 2,000 accounts- that is 0.02% of everyone who uses Kraken. Though the company claims no full system penetration happened, these stolen videos are now the main tool for the extortion attempt.
Working with Law Enforcement
Kraken is now working with federal law enforcement in several countries. Nick Percoco, the exchange’s Chief Security Officer, noted that there is enough evidence to identify and arrest those responsible. The company is also teaming up with other firms to stop insider recruitment efforts, as these campaigns often target workers in the crypto, gaming, and phone industries.
In a detailed security update on X.com, Percoco explained that the company’s systems were never breached and funds were never at risk. He made it clear that Kraken will never negotiate with bad actors and that they are constantly improving their security to fight these new types of global threats. Kraken has already messaged anyone who might have been affected.
Insider Threat Rising in Crypto
Eliwood, a prominent Cyber Threat Intelligence (CTI) expert, called this incident a classic example of an insider threat, adding that even though the first staff member was caught a year ago, the stolen data is still a problem today. This shows how employees’ involvement in data theft can create long-term risks for any business.
Other big crypto platforms have dealt with similar insider threats. As Hackread.com reported in May 2025, Coinbase faced a $20m ransom demand after a breach affecting 70,000 users, but it refused and offered the same amount as a reward for tips on the attackers. In that attack, hackers paid bribes to offshore workers to access customer records.
According to blockchain analytics firm Nominis’ research, these attacks are becoming more common, with losses rising to $178 million in March 2026 from $49.3 million in February. Most of these involve authorisation exploitation, where hackers trick staff or users into providing access to digital assets, highlighting that the human element still remains the most vulnerable link in the security chain.
