Back to Blog
LegalTech & AI

Kraken and the Insider Threat: Secret Videos and Employee Extortion

NakedPact Editorial Committee
Reviewer: Carmelo G.
Comitato Editoriale NakedPact
27 Giugno 2026
9 min read
Kraken and the Insider Threat: Secret Videos and Employee Extortion

What is the insider threat and how did it affect Kraken with secret videos?

The insider threat occurs when an employee or former collaborator exploits privileged access to steal sensitive data. In Kraken's case, a former employee tried to extort the crypto platform by threatening to leak internal secret videos, violating security policies and data privacy regulations.

Imagine having the keys to a bank vault, but instead of protecting clients, you decide to use them to blackmail the bank itself. This is exactly what happened at Kraken, one of the world's largest cryptocurrency exchanges. A former employee, with access to confidential material, attempted to extort the company by threatening to release secret videos. This is not a spy movie, but a true story that reminds us how fragile internal security is.

The case exploded when Kraken announced it had suffered an extortion attempt by a former security team member. The employee, fired for undisclosed reasons, had kept copies of internal videos and sensitive documents. He demanded a cryptocurrency ransom to not publish them. Kraken reacted by involving authorities and strengthening its access policies, but the reputational damage was already done.

The insider threat is a growing problem in the crypto and tech sectors. According to a Verizon report, 30% of data breaches involve insiders. In Kraken's case, the risk was twofold: leaking videos could violate other employees' privacy and reveal secret corporate strategies. Additionally, extortion in cryptocurrency makes transactions hard to trace, complicating legal investigations.

From a legal perspective, this case raises questions about companies' responsibility to protect internal data. Crypto platforms must comply with regulations like the GDPR in Europe and the CCPA in California. But the insider threat is not just a compliance issue: it's a trust challenge. How can a company guarantee that those with access to secrets won't use them against it?

Kraken responded with an aggressive approach: it reported the former employee for extortion and implemented new access controls. However, many security experts emphasize that prevention is key. Regular audits, monitoring of anomalous behaviors, and security training are essential. But there's another side to the coin: employee privacy. How far can a company spy on its workers to prevent leaks?

The Kraken case is a wake-up call for the entire LegalTech sector. Companies must balance transparency with data protection. Artificial intelligence tools can help detect suspicious activities, but they cannot replace trust. Furthermore, employment contracts should include stricter clauses on data management after termination of the relationship.

Ultimately, the Kraken story shows us that the insider threat is like a virus: it evolves and adapts. Companies must be ready to respond with agility, combining technology, training, and a solid legal framework. Security is not just an IT problem, but a matter of corporate culture.

For legal professionals, this case is a reminder: compliance is not enough. A holistic approach integrating privacy, security, and risk management is needed. In California, the CCPA/CPRA requires companies to protect personal data with reasonable security measures, but it does not directly address the insider threat. Compared to the American model, Europe with the GDPR is more restrictive, requiring mandatory notifications in case of breaches. However, no law can prevent human betrayal.

Insider Threat Risk Simulator

Discover how vulnerable your company is to an insider attack. Adjust risk factors and calculate the score.

Your risk score is: 0/100

Adjust parameters to see the level.

The 'Insider Threat Risk Simulator' widget is designed to help legal and IT professionals visualize how three key factors (data access, security controls, and training) influence the risk of an insider attack. The user adjusts three sliders from 1 to 10, corresponding to these factors. The risk calculation is a simple formula: (access * 10) - (security * 5) - (training * 3), normalized between 0 and 100. This model is not scientific but serves to stimulate reflection: the higher the access, the greater the risk; the stronger the controls and training, the lower the risk. The widget also shows the risk level (low, medium, high) to provide immediate feedback. Interactivity is handled with pure JavaScript, with 'input' events to update slider values and a click on the button to calculate the score. This tool can be used in training or internal audit contexts to raise awareness about the insider threat, linking to the Kraken case described in the article.
NakedPact Logo

NakedPact Editorial Committee

Article created by the NakedPact editorial team. Our mission is to analyze, simplify, and expose unfair terms and hidden risks in everyday contracts to protect citizens and consumers.

Do you own a website?

Do you own a website?

Want to communicate your data processing transparency to your users? Dynamically use our badge and showcase your platform's compliance.

🛡️ Protect your rights with one click

Don't risk signing abusive clauses. Install the free NakedPact extension for Chrome or Firefox and instantly analyze any contract on the web.

Don't trust, verify.

Now that you know the risks, don't sign blindly. Upload your contract to NakedPact and let AI find the hidden clauses for you. It's 100% free.

Analyze Your Contract Now

Rispettiamo la tua privacy

Usiamo i cookie per migliorare la tua esperienza e personalizzare gli annunci. Scopri di più.

NakedPact Logo

Estensione Chrome

Analizza i contratti e i Termini di Servizio direttamente sul tuo browser con l'estensione NakedPact.