Kraken confirmed two insider-related security incidents where support staff accessed limited client data, but at no point were core systems or client funds breached, and access was promptly revoked with enhanced safeguards.

Kraken, a U.S.-based exchange offering spot, derivatives, custody, and staking services for retail and institutional clients worldwide, reported about 2,000 affected accounts—roughly 0.02% of its client base.

Chief Security Officer Nick Percoco said the attackers claimed to have videos of internal systems with client data and threatened disclosure, but Kraken refused to negotiate or pay the extortion demand.

The industry response includes heightened monitoring and stricter access controls across crypto, gaming, and telecom sectors, with ongoing debates about offshore versus local support staffing and security implications.

There is ongoing scrutiny of offshore support practices and perceived security risks; Kraken reiterates access controls as a key safeguard and has not commented beyond that.

Security experts highlight insider threats as a persistent risk in digital asset markets where support roles have visibility into user accounts.

Officials describe a broader insider-threat pattern across industries, with Kraken tightening internal controls and monitoring to reduce exposure.

The unauthorized access involved internal support tools, not core trading infrastructure; access was revoked swiftly and safeguards were strengthened.

Kraken is cooperating with federal law enforcement across jurisdictions to identify those involved and pursue justice, underscoring a wider industry issue of insider threats.

The incidents fit into broader security challenges in crypto, including phishing and rapid asset movement, with recent exploits showing increasing attacker sophistication.

In a separate disclosure, Galaxy Digital reported a cybersecurity incident in an isolated development environment with no impact on client data or funds.

Kraken says it is actively cooperating with law enforcement across multiple jurisdictions, believing there is sufficient evidence to identify those responsible and pursue arrests, while continuing to strengthen security.