Kraken Insider Leak Exposes 2,000 Crypto Accounts
- Two recruited Kraken support staff exposed ~2,000 user accounts before dismissal
- No funds were stolen โ the breach was limited to KYC data and transaction records
- Crypto casino players who use Kraken to fund gambling accounts should monitor for targeted phishing
- The attack mirrors a 2025 Coinbase insider breach โ a growing pattern against support staff
No customer funds were at risk and the exchange's systems were not breached, though the incident follows a similar attack on Coinbase in 2025 and points to a growing pattern of insider-recruitment attacks across the crypto industry.
What this means for crypto casino players
Canadian players frequently use Kraken to purchase Bitcoin, XRP, Ethereum, and other coins before depositing at crypto gambling platforms. The data accessed in this incident โ particularly transaction histories and know-your-customer (KYC) documentation โ could identify those gambling-linked transfers to whoever controls the extortion network. Players looking for platform options can review our best crypto casino guide for Canadian players.
For the roughly 2,000 affected accounts, the most sensitive exposure is the pairing of government-issued ID with a transaction record. KYC documents can be leveraged for identity fraud; transaction histories that show regular withdrawals to casino deposit addresses could be used to target individual users with phishing or extortion attempts โ mirroring the approach now directed at Kraken itself. Players who prefer to keep their exchange and casino activity separated can route funds through a self-custody wallet before depositing at a gambling platform.
How the insider recruitment worked
Kraken's Chief Security and Information Officer Nick Percoco disclosed that the first incident surfaced in February 2025, when footage of Kraken's internal support tools appeared on criminal forums. The exchange traced it to a single support employee who had been recruited by an organized criminal network and had granted read-only access to customer records. A second, separate incident was identified more recently, and Kraken estimates around 2,000 accounts were affected across both events. The accessed data covered KYC records, transaction histories, and support ticket content โ not withdrawal permissions or private keys.
The attack model closely resembles an insider incident at Coinbase in 2025, where criminal networks used social engineering to extract customer data without breaching core systems. Analysts note this tactic is spreading beyond crypto into gaming and telecommunications, suggesting organized operations rather than isolated opportunists.
โWe will not pay these criminals. We will not ever negotiate with bad actors.โ โ Nick Percoco, Kraken Chief Security Officer
What to watch
Federal investigators and their international counterparts are pursuing those responsible. If the stolen data is sold rather than used only at the exchange level, affected users may receive phishing messages that quote specific transaction details or personal documents to appear legitimate. Canadian players with Kraken accounts should enable hardware-key two-factor authentication and be cautious of any unsolicited contact referencing account details. With the NHL playoffs underway, players using crypto for sports betting should be especially vigilant about account security during this high-activity period.