Cryptocurrency exchange Kraken is currently addressing two security incidents that resulted in unauthorized access to client data for approximately 2,000 user accounts. The exchange's chief security officer confirmed that these events did not compromise Kraken's core systems or user funds.

Security Incidents and Extortion Attempt

The security head detailed that the incidents involved "inappropriate access" to user data. The first occurred in February 2025, with a second, more recent incident also impacting around 2,000 accounts in total. Kraken is actively collaborating with federal law enforcement agencies to identify and apprehend the responsible criminal group.

In addition to the unauthorized access, Kraken is facing an extortion attempt from an unidentified group. This group is demanding an unspecified sum of money, threatening to release internal videos allegedly containing client data. The company has stated it will not negotiate with the perpetrators.

User Funds and System Integrity

Kraken's security officer emphasized that the exchange's core systems have never been successfully breached. Furthermore, user funds were not at risk during these incidents or the subsequent extortion attempt. The company is committed to upholding platform integrity and client information safety.

Industry Context and Prior Incidents

This situation highlights the ongoing security challenges within the rapidly growing cryptocurrency sector. Previously, other exchanges have experienced significant breaches. One notable incident involved bribery of customer support contractors, leading to compromised data for about 70,000 users.

Blockchain intelligence reports indicate a rise in crypto-related losses. In March 2026, major incidents resulted in over $178 million in losses, a substantial increase from February's $49.3 million. Authorization abuse remains a primary attack vector, with users unknowingly approving transactions that grant hackers direct access to their funds.