Kraken Insider Leak Exposes 2,000 Crypto Accounts
- Two recruited Kraken support staff exposed ~2,000 user accounts before dismissal
- No funds were stolen — the breach was limited to KYC data and transaction records
- Crypto casino players who use Kraken to fund gambling accounts should monitor for targeted phishing
- The attack mirrors a 2025 Coinbase insider breach — a growing pattern against support staff
Kraken confirmed that no customer funds were put at risk and that its core infrastructure remained intact, though the company is now working with law enforcement across multiple countries to pursue those responsible.
What this means for crypto casino players
Kraken is a significant on-ramp for UK players who fund accounts at crypto gambling sites, handling popular assets including Bitcoin, Ethereum, and XRP. The data exposed in this incident — identity documents combined with transaction histories — could allow the criminal network behind the extortion to trace withdrawals from Kraken accounts through to casino deposit addresses. All crypto casino platforms available to UK players operate under international licences, typically from Curaçao, and none hold a licence from the UK Gambling Commission. Players can consult our best crypto casino guide for UK players for a full list of currently available platforms.
The immediate financial risk to UK users is minimal — Kraken has confirmed that funds were never accessible to the attackers. The secondary risk is more personal. A British passport or driving licence combined with a transaction history linking an address to casino deposits represents material that can be exploited for identity fraud or used to pressure individual users in the same way the criminal group is now pressuring the exchange. Players can reduce this exposure going forward by withdrawing to a self-custody wallet before sending funds on to a casino platform, creating a separation in the on-chain trail.
How the data was taken and what Kraken found
Kraken's security team first detected the problem in February 2025 after footage of its internal support systems began appearing on criminal forums. An investigation identified a customer support employee who had been recruited by a criminal network and was providing read-only access to client records. A second, distinct incident was subsequently uncovered. Between the two events, approximately 2,000 accounts were affected, with access restricted to KYC records, transaction histories, and support ticket data — not account withdrawal permissions or cryptographic keys.
The method reflects a deliberate shift in criminal tactics. Rather than targeting exchange infrastructure directly, organised networks are recruiting staff who already hold legitimate system access. This mirrors an attack on Coinbase in 2025 and, according to security researchers, is a tactic now used across gaming and telecommunications sectors as well as crypto.
“We will not pay these criminals. We will not ever negotiate with bad actors.” — Nick Percoco, Kraken Chief Security Officer
Kraken is also building an intelligence map of the networks responsible, suggesting coordinated enforcement action may follow.
What to watch
Law enforcement agencies are investigating across multiple countries. UK players with Kraken accounts should be alert to phishing attempts that quote specific transaction data or reference their identification documents, which would indicate the stolen records have been passed further along the criminal chain. Switching from SMS-based two-factor authentication to a hardware security key is the most effective immediate step, as hardware keys are substantially harder to bypass even for someone with staff-level read access. Players who are concerned about the exposure of their gambling activity should note that the access to the compromised data was read-only and that Kraken retains full control of all account funds.