-
Unverified claims suggest access to Kraken’s internal support systems is being sold on dark web forums for as little as $1.
-
The alleged access would allow viewing user profiles, transaction histories, and full KYC documents including IDs and selfies.
-
Recent Coinbase breaches through social engineering attacks highlight growing threats targeting exchange customer support staff.
A troubling listing has appeared on a dark web forum. Someone claims they’re selling access to Kraken’s internal customer support panel. The asking price? Just one dollar, apparently negotiable. But there’s a catch. There has been no official confirmation that the breach is authentic.
Dark web informer, a social media account that monitors illicit forum activity, identified the listing and shared it publicly. This follows a trend of major dark web assets being brokered in shadowy forums, similar to when the operators of RaidForums moved to sell one of the dark web’s most notorious marketplaces. The post shows a user called “ransomcharger” advertising what they claim is read-only access to Kraken’s support systems.
According to the seller, this access would let buyers view user profiles and transaction histories. They could even generate fake customer support tickets to phish victims or steal private information.
What the Alleged Access Could Expose
The listing paints a concerning picture. The access reportedly isn’t restricted by IP address. It’s supposedly proxied through Kraken’s own systems, making detection harder. The seller claims buyers could retrieve complete know-your-customer documents. That means identification cards, selfies, proof of address, and declared sources of funds would all be accessible.
This follows a pattern where highly sensitive data from personal KYC files to critical corporate assets like the core blueprints of a major manufacturer are increasingly peddled as commodities on dark web markets.
The access would remain valid for one to two months before Kraken rotates credentials, according to the listing. Time-based authentication codes would expire in February. However, Cryptopolitan found no independent confirmation supporting these allegations. Kraken’s support team hasn’t acknowledged any compromise of their internal systems either.
This claim surfaces at a particularly sensitive time for cryptocurrency exchanges. Mid-2025 saw Kraken and Binance targeted by the same social engineering campaign that successfully breached Coinbase. Attackers contacted customer support agents at these exchanges with an offer. They promised bribes in exchange for user data.
The Coinbase Breach That Proved It’s Possible
Certain Coinbase customer support workers outside the country reportedly took those bribes. Coinbase CEO Brian Armstrong stated the company had shared information like client names, addresses, partial KYC information, and account balances.
After some time, the attackers attempted to pressure Coinbase into paying a $20 million ransom for them to erase the stolen credentials. Coinbase refused and contacted law enforcement instead.
The breach endangered Coinbase to massive losses that could reach $400 million. Binance and Kraken, however, successfully thwarted the “social engineering” attempts. They used layered access restrictions and real-time monitoring of support interactions.
Binance usually uses artificial intelligence to watch customer support chats in different languages, catching anything that seems off, like trying to bribe someone.
Kraken has similar safeguards to make sure customer data is only accessed when necessary. They monitor suspicious activity within their systems constantly.
“Behind the scenes, there also is AI, machine learning, some analytics that are going on behind the scenes that are transparent to the user to say, is everything looking the way it should?” Kraken Chief Security Officer Nick Percoco explained. “There are times when our teams will be able to jump in front and stop those types of attacks.”
Real Arrests Prove the Threat is Serious
Just a week ago, the CEO of Coinbase, Armstrong, disclosed that a former client support agent was arrested in India. This happened months after the support representative gave hackers access to customer data. A Coinbase spokesperson said the arrest came after law enforcement agencies across multiple jurisdictions worked together.
The Brooklyn District Attorney’s Office has charged a local man accused of running a long-running scam, pretending to be a Coinbase employee to trick customers all across the U.S.
Prosecutors say he pretended to be a Coinbase employee to gain victims’ trust. He used social engineering to convince victims that their accounts faced immediate risk. The Department of Justice stated he directed victims to transfer funds to wallets under his control. He allegedly stole close to $16 million from roughly 100 victims, with more than $600,000 recovered to date.
It remains unclear whether the Kraken listing is authentic or simply another scam. But the pattern is clear. Customer support systems at major exchanges are prime targets. The combination of insider threats and sophisticated social engineering creates real vulnerabilities. For cryptocurrency users, the message is simple. Stay vigilant, enable every security feature available, and verify every support contact independently.
