Security incident at the Kraken crypto exchange in July 2025

Kraken is one of the largest crypto exchanges in the world - but the security incident in July 2025 shows how vulnerable even market leaders remain.

Who or what is Kraken?

The Kraken crypto exchange is one of the largest and most renowned trading platforms for digital currencies in the world. Due to its size and relevance, Kraken has always been the focus of cybercriminals who try to gain access to digital assets and sensitive user data through various attacks. In July 2025, a major security incident at Kraken attracted worldwide attention, alerting not only the crypto community but also regulators and traditional financial institutions.

Background of the Kraken crypto exchange

Kraken was founded in 2011 and has since developed into one of the most trusted and secure trading platforms. By introducing advanced security protocols, regular audits and open communication with users, Kraken has been able to make a name for itself. The platform offers trading in numerous cryptocurrencies such as Bitcoin, Ethereum, Solana, Cardano and many more.

Incident in July 2025: What happened?

At the beginning of July 2025, a security incident occurred in which attackers managed to exploit a previously unknown vulnerability in the system. The attackers gained access to certain interfaces of the trading platform and were thus able to access sensitive information such as email addresses, account balances and parts of the trading data. According to initial findings, the attack was very targeted and elaborately prepared.

Course of the attack

The first signs of the attack were an unusually high number of API accesses and sudden network spikes in Kraken's internal monitoring system. The security team reacted within a few minutes and began analysing the events. It quickly became clear that this was not a normal load increase or a DDoS attack, but a targeted attempt to penetrate the system.
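The distinction drawn above, between a general load increase and a targeted spike, can be checked from access logs by asking whether the excess traffic is spread across clients or concentrated in one. The following is an added example, not Kraken's monitoring code; the log format, key names, endpoints and thresholds are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

def build_sample():
    """Constructed access-log records: (minute, api_key, endpoint). Not real data."""
    keys = ("k1", "k2", "k3", "k4")
    log = [(m, k, "/ticker") for m in range(10) for k in keys for _ in range(20)]
    # Minute 8: every client doubles its traffic (a broad load increase).
    log += [(8, k, "/ticker") for k in keys for _ in range(20)]
    # Minute 9: one key issues a burst against an account endpoint.
    log += [(9, "k3", "/account/balance")] * 100
    return log

def classify_minutes(log, spike_factor=1.5, concentration=0.8):
    """Label each minute as normal, broad_load or concentrated.

    Returns {minute: (label, api_key_or_None, endpoints_hit_by_that_key)}.
    """
    per_minute = defaultdict(Counter)
    for minute, key, _endpoint in log:
        per_minute[minute][key] += 1
    totals = {m: sum(c.values()) for m, c in per_minute.items()}
    baseline_total = median(totals.values())
    # Per-key baseline: median of that key's per-minute request count.
    all_keys = {k for c in per_minute.values() for k in c}
    baseline_key = {k: median(c[k] for c in per_minute.values()) for k in all_keys}

    labels = {}
    for m, counts in sorted(per_minute.items()):
        if totals[m] < spike_factor * baseline_total:
            labels[m] = ("normal", None, [])
            continue
        # How much of the excess over baseline does each key account for?
        excess = {k: max(0, n - baseline_key[k]) for k, n in counts.items()}
        top_key, top_excess = max(excess.items(), key=lambda kv: kv[1])
        share = top_excess / (sum(excess.values()) or 1)
        if share >= concentration:
            hit = sorted({e for mm, k, e in log if mm == m and k == top_key})
            labels[m] = ("concentrated", top_key, hit)
        else:
            labels[m] = ("broad_load", None, [])
    return labels

if __name__ == "__main__":
    for minute, verdict in classify_minutes(build_sample()).items():
        print(minute, verdict)
```

A median baseline is used so that the spike minutes themselves do not shift the reference level; in production the baseline would come from a longer history than the window being classified.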

The attackers exploited a zero-day vulnerability in third-party software that is responsible for certain backend processes. By exploiting this vulnerability, they were able to bypass authentication steps and move around the system with extended rights.

Measures after discovery

Immediately upon discovery, the affected area was isolated and all API access for non-essential functions was temporarily disabled. Kraken's security team worked closely with external cybersecurity experts to determine the origin and extent of the attack. After less than an hour, the most important systems were secured and normal operations could be gradually resumed.

Information for users

Kraken informed its users about the incident on the same day via email, push notification and an official statement on the website. Transparency was particularly important to the company in order to avoid panic and maintain the trust of the community.

Extent of damage and data affected

The exact number of users affected is still not conclusively known, as the attack was highly targeted and focussed on specific user groups. As things stand, no cryptocurrencies were stolen directly, but the attackers did obtain sensitive information such as usernames, email addresses, parts of trading data and encrypted password hashes.

Important points:

  • No direct losses from cryptocurrencies
  • No access to two-factor authentication codes or wallet keys
  • Sensitive personal data partially compromised

As of 17 July 2025, we, as a crypto forensics company, have recorded an increase in customer enquiries in connection with lost assets at Kraken. Initial analyses indicate that the affected customers were victims of phishing attacks and that unauthorised persons gained access to Kraken's IT system. This week, customers have already suffered financial losses as a result. Cooperation with Kraken in these cases is sometimes difficult from the customer's point of view. There have also been similar incidents in the past in which large sums of money have been withdrawn from customer accounts using comparable methods.

Reaction of the community and the markets

After the incident was publicised, the prices of some cryptocurrencies traded on Kraken plummeted in the short term. The uncertainty led to some investors moving their assets to other platforms or securing them in cold wallets. However, Kraken's fast and open communication helped to quickly restore confidence.

The incident was widely discussed on social media. Many users praised Kraken for its transparency, which we absolutely cannot understand, and for the rapid countermeasures, while others expressed fundamental concerns about the security of centralised exchanges.

Investigations and external audits

Following the incident, Kraken commissioned independent security companies to analyse the causes in detail. The authorities in the USA, Europe and Asia were informed and worked with Kraken to identify further potential risks and work together on improvements.

The external assessments confirmed that Kraken has robust security structures and that the vulnerability lay in a third-party component that could not be influenced by users or Kraken itself. Nevertheless, additional security measures such as increased access controls, regular penetration tests and a revision of the emergency plans were introduced.

Long-term consequences and lessons learnt

The incident had far-reaching consequences for the entire crypto industry and led to many platforms reviewing their own systems. Regulatory authorities called for stricter standards and better reporting obligations in the event of security incidents.

Following the attack, Kraken invested heavily in its IT infrastructure and cybersecurity personnel. Even stronger two-factor authentication became mandatory for users and the monitoring systems for suspicious activities were significantly expanded.

Recommendations for users

For investors and traders, caution remains the most important means of security. It is recommended:

  • Use strong, unique passwords
  • Always activate two-factor authentication
  • Report suspicious activities to support immediately
  • Store cryptocurrencies in your own wallets where possible

In this context, the same stock phrases about account security are used again and again. What remains unmentioned, however, is that the security gap is not due to user misbehaviour, but is the sole responsibility of Kraken.

The security incident at Kraken in July 2025 shows that even the largest and most experienced providers in the crypto sector remain targets of attack. Thanks to rapid response, open communication and continuous investment in security, Kraken was able to avert major damage and maintain the trust of its users. The incident remains an important wake-up call for the entire industry to regularly review and further improve its own security measures.

Krypto Investigation GmbH competently supports injured parties in dealing with security-related incidents. We carefully analyse the facts of the case and systematically trace lost assets. With the help of our analyses, we obtain court-proof evidence and facts to effectively enforce your rights.
