Kraken faces extortion threat over rogue employee breach

  • Key insight: Hackers are weaponizing rogue employees at Kraken to bypass traditional security measures and extort the cryptocurrency exchange.
  • What's at stake: The security incident validates traditional banks' fears that granting Federal Reserve master accounts to uninsured crypto institutions could introduce vulnerabilities to the nation's financial networks.
  • Supporting data: Rogue employees potentially viewed roughly 2,000 client accounts, which represents 0.02% of the exchange's total user base.

Overview bullets generated by AI with editorial review

Just weeks after making history as the first digital asset company to gain direct access to the Federal Reserve's payment infrastructure, cryptocurrency exchange Kraken is fighting an extortion plot fueled by rogue employees.

For the traditional banking industry, the security incident validates long-standing fears that granting Federal Reserve master accounts to uninsured crypto institutions could introduce systemic operational and cybersecurity vulnerabilities into the nation's core financial networks.

Criminals are threatening to release videos of the exchange's internal systems. Specifically, the videos apparently show the exchange's internal client support systems and the customer data accessible within them, as accessed with legitimate employees' credentials.

The breach stems from insider recruitment, as the attackers compromised members of the company's customer support team, according to an April 13 post on social media platform X by Nick Percoco, the company's chief security officer.

Kraken has not confirmed whether the employees were compromised through monetary bribes. The exchange also has not specified whether the rogue employees recorded the footage themselves or whether the hackers recorded it while the employees granted them access.

Kraken has revoked the employees' access, notified the affected clients and is refusing to negotiate with or pay the bad actors, Percoco said.

The extortion attempt comes a month after the Federal Reserve Bank of Kansas City approved a "limited purpose" master account for Kraken Financial on March 4. The controversial decision gives the Wyoming-chartered institution the ability to move funds directly via the central bank's payment rails.

Banking advocates, led by the Independent Community Bankers of America, have vehemently opposed the approval. Rebeca Romero Rainey, president and CEO of the trade group, noted that "granting nonbank entities and crypto institutions access" to master accounts poses direct risks to the broader banking system, according to a press release on the day of the Fed's decision.

The trade group urged the Federal Reserve to limit account access to institutions that already meet the financial sector's "highest standards."

Inside the extortion attempt

Attackers threatened to share videos of Kraken's internal systems with media outlets and across social platforms if the exchange rejects their demands, according to Percoco.

The company traced the security breach to its own staff. The exchange received a tip in February 2025 about a video on a criminal forum that showed access to its client support systems, Percoco said.

The company identified a support team member as the culprit and immediately revoked their access. Recently, the exchange uncovered a second, similar incident involving a different support team employee, he said.

The rogue employees potentially viewed roughly 2,000 client accounts, which represents 0.02% of the exchange's total user base, according to Percoco.

Percoco emphasized in his post that "funds were never at risk" and that the exchange's core systems remained secure. The company also "will not pay these criminals" and "will not ever negotiate with bad actors," he said.

"We are working with federal law enforcement to ensure the individuals involved face consequences for their actions," Percoco said.

The rising threat of insider recruitment

The security breach at Kraken highlights a growing cybersecurity trend targeting the broader financial and technology sectors: the weaponization of rogue employees.

Cybercriminals actively recruit insiders to bypass traditional hacking methods. For example, a darknet advertisement sought to hire individuals currently working at or contracted to cryptocurrency exchanges such as Kraken, Coinbase and Binance, according to findings released in December by cybersecurity firm Check Point.

In the cases Check Point analyzed, the criminals offered payouts ranging from $3,000 to $15,000 based on the employee's level of access, promising that the arrangement requires no malware and respects the rogue employee's anonymity.

The extortion attempt at Kraken mirrors other recent industry incidents involving insider threats. Last year, Coinbase published a post detailing how it is standing up to extortionists, noting that the company increased its investment in insider-threat detection and automated response.

To further secure its support operations, Coinbase said at the time it was opening a new support hub in the U.S. and adding stronger security controls across all locations.

Ammunition for banking advocates opposing Fed access

The extortion attempt arms traditional banking advocates with a concrete example of the operational and cybersecurity vulnerabilities they warned about when opposing the exchange's new Federal Reserve master account.

The Independent Community Bankers of America and 42 state bankers' associations last week urged the Kansas City Fed to reconsider the approval, according to a joint letter.

The trade groups pressed the central bank to ensure that the terms of the digital asset company's account access include "robust risk controls and enforceable off-ramps," according to the letter.

Some outside observers and researchers echo these concerns, warning that lightly regulated crypto firms could pose broad operational and financial stability risks.

The Bank Policy Institute, a banking research and advocacy group, noted in an October 2020 report that businesses such as Kraken face subtle incentives to shift their reserves toward riskier assets. Traditional banks undergo rigorous supervision and must hold deposit insurance precisely to mitigate such risks, according to the institute.

The internal security breach also arrives amid heightened congressional scrutiny over the exchange's integration into the federal payment rails. In late March, Rep. Maxine Waters, the top Democrat on the House Financial Services Committee, demanded the Kansas City Fed disclose more details regarding the approval process, citing potential financial-system risks.

Earlier in March, Michelle Bowman, the Fed's vice chair for supervision, acknowledged that granting a crypto exchange direct access to the federal payment system is uncharted territory. But, she said, Kraken's limited purpose account would be a test case.

"It's a bit of an experiment," Bowman said.

