Kraken Insider Leak Exposes 2,000 Crypto Accounts
- Two recruited Kraken support staff exposed ~2,000 user accounts before dismissal
- No funds were stolen β the breach was limited to KYC data and transaction records
- Crypto casino players who use Kraken to fund gambling accounts should monitor for targeted phishing
- The attack mirrors a 2025 Coinbase insider breach β a growing pattern against support staff
Kraken confirmed that no customer funds were placed at risk and that its core infrastructure was not breached, though it is now working with law enforcement across multiple jurisdictions to identify and prosecute those responsible.
What this means for crypto casino players
Kraken is used by South African players to acquire Bitcoin, Ethereum, XRP, and other assets before depositing at crypto gambling platforms. The data accessed in this incident β identity verification documents combined with transaction histories β could allow the criminal network behind the extortion to link Kraken withdrawals directly to casino deposit addresses. All crypto casino platforms available to South African players operate under international licences, typically from CuraΓ§ao. Players can find a full list of currently available platforms on our best crypto casino guide for South African players.
The direct financial risk is limited β Kraken confirmed that funds were never accessible to the attackers. The more significant concern is the secondary use of exposed documentation. A government-issued identity document paired with a transaction history linking an address to casino deposits represents material suitable for identity fraud or targeted social engineering against individual users. South African players who prefer additional separation between their exchange and gambling activity can withdraw to a self-custody wallet before funding a casino account.
How the data was taken
Kraken's security team first became aware of the problem in February 2025, after footage of its internal support systems appeared on criminal forums. An investigation identified a customer support employee who had been recruited by an organised criminal network and was providing read-only access to client records. A second, distinct incident was detected more recently. Across both events, approximately 2,000 accounts were affected, with exposure limited to KYC records, transaction histories, and support ticket data β not account withdrawal access or cryptographic keys.
This approach β targeting staff rather than infrastructure β mirrors an insider attack on Coinbase in 2025 and, according to security researchers, is now being used across gaming and telecommunications sectors as well as crypto exchanges.
βWe will not pay these criminals. We will not ever negotiate with bad actors.β β Nick Percoco, Kraken Chief Security Officer
The exchange is building an intelligence picture of the criminal networks involved, indicating coordinated enforcement action may follow across multiple jurisdictions.
What to watch
Law enforcement agencies are investigating across several countries. South African players with Kraken accounts should be alert to phishing attempts that reference their specific transaction data or identification documents, which would indicate the stolen records have moved further through the criminal chain. Switching from SMS-based verification to a hardware security key is the most effective immediate precaution, as hardware keys are substantially harder to bypass even for someone with staff-level read access. With PSL football and the Springboks' domestic programme continuing through April, South African crypto sports bettors should treat account security as a priority during this active period.