Dark web listing claims access to Kraken support system

Claims that access to Kraken’s internal customer support systems is being offered for sale on a dark web forum are currently making rounds on X, even as the evidence backing the alleged breach is largely unverified.

According to web activity monitoring social account Dark Web Informer, a read-only version of Kraken’s internal support panel is on the market, being sold for as little as $1, and is supposedly negotiable. 

A snapshot of the dark web forum shows user “ransomcharger” telling their associates that the access would allow the viewing of user profiles and transaction histories, and could generate customer support tickets to phish customers or extract private information.

Kraken support access could expose customer info for 2 months

According to the listing, the access is reportedly not restricted by IP address, proxied through Kraken’s own systems. It can retrieve full know-your-customer (KYC) documents, including identification cards, selfies, proof of address, and declared sources of funds. 

The access is reportedly valid for at least one to two months before rotation, with time-based authentication codes expiring in February. However, Cryptopolitan has not found any other independent confirmation or evidence supporting the allegation, and Kraken’s support team has not acknowledged any compromise of its internal systems.

In mid-2025, Cryptopolitan had reported that Kraken and Binance were targeted by the same social engineering campaign that resulted in a successful customer data breach at Coinbase. According to people familiar with the matter, attackers contacted customer support agents at the exchanges and enticed them with bribes in exchange for user data. 

Coinbase executive Brian Armstrong issued a statement saying several overseas customer service representatives accepted the bribes and provided information that included customer names, addresses, partial KYC records, and account balances.

The attackers later attempted to extort Coinbase, demanding a $20 million ransom in exchange for deleting the stolen data, according to people familiar with the investigation. Coinbase declined to pay the ransom and instead notified law enforcement authorities.

The breach exposed Coinbase to potential losses estimated at up to $400 million. However, for Kraken and Binance, the social engineering attempt was thwarted through layered access restrictions and real-time monitoring of support interactions.

Binance has said it uses artificial intelligence systems to monitor conversations between customer support agents and users in several languages. Those systems can flag suspicious behavior like potential bribery attempts, and automatically terminate communications when risks are detected.

Kraken has said it employs internal safeguards that limit unnecessary access to customer information and monitor anomalous activity within its systems. 

Coinbase helps law enforcement arrest service agent in India

Just last week, Coinbase CEO Armstrong revealed to the public that a former customer service agent for the exchange was arrested in India, months after the support representative gave hackers access to customer data.

A Coinbase spokesperson confirmed the arrest and said it came on the heels of a coordinative effort with law enforcement agencies from several jurisdictions, helping the security groups identify and prosecute those involved.

The Brooklyn District Attorney’s Office also announced charges against a Brooklyn man accused of orchestrating “a long-running impersonation scheme” on Coinbase customers in the US.

According to the indictment, the defendant posed as a Coinbase representative and used social engineering to convince victims that their accounts were at immediate risk. The Department of Justice mentioned that he directed victims to transfer funds to wallets under his control and took away nearly $16 million from approximately 100 victims. However, more than $600,000 has been recovered so far. 

If you're reading this, you’re already ahead. Stay there with our newsletter.