$1 for access? Dark Web post selling Kraken admin privileges.

The attackers are reportedly selling read-only access to Kraken's internal admin panel on a Dark Web forum.

This incident has raised concerns about the risk of user data leaks as well as the risk of being targeted by phishing attacks.

Admin panel for sale: allegations on the Dark Web raise questions about Kraken's security.

According to Dark Web Informer, the post advertised the sale of access to user profiles, transaction history, and all KYC documents. These documents included ID cards/passports, selfies, address verification, and proof of funds.

The seller stated that the access could last from 1 to 2 months, is provided via proxy, has no IP address restrictions, and also allows the creation of support tickets.

This post immediately caused concern among many cybersecurity experts, although some online users remained skeptical.

"It's almost certainly fake," one user commented, raising doubts about the authenticity of this access.

Others warned that if true, this data leak could put Kraken customers at significant risk, urging the exchange and authorities to investigate immediately.

“If this is true, this is a major data breach risk and could lead to phishing attacks on Kraken customers. Kraken’s security team and law enforcement need to get involved immediately,” another person added.

In fact, this access could be exploited for very convincing social engineering attacks. Kraken has not yet responded to BeInCrypto's request for comment.

Read-only access is not harmless: CIFER reveals data leakage risks on Kraken dashboard.

CIFER Security emphasizes that read-only access also poses serious risks. While attackers may not be able to change account data, they can still exploit the support ticket creation function to:

  • Impersonate Kraken employees.
  • Cite real transaction information to build trust.
  • Target high-value retail investors identified through their trading history.

Having access to complete information about transaction habits, wallet addresses, and deposit/withdrawal activities makes it easy for malicious actors to carry out phishing attacks, SIM swaps, or password-guessing attacks, posing risks that extend beyond just account breaches.

Attacks on admin panels are nothing new in the crypto world. Exchanges like Mt. Gox (2014), Binance (2019), Kucoin (2020), Crypto.com (2022), and FTX (2022) have all been targeted by hackers. This demonstrates that centralized tools with significant authority are always attractive targets for cybercriminals.

The alleged Kraken incident also falls within this broader context, highlighting the inherent challenge of securing sensitive access rights in the financial industry.

What should Kraken users do?

CIFER Security recommends that users be prepared for the possibility of data breaches and promptly implement the following security measures:

  • Enable hardware key authentication.
  • Activate the global settings lock.
  • Allow withdrawals only to whitelisted addresses.
  • Exercise extreme caution when accepting support requests from the platform.

Users should also watch for signs of SIM swap attacks and suspicious password changes, and consider transferring large sums of money to cold storage or using new addresses that are not in a potentially compromised transaction history.

This incident highlights the inherent risks of storing assets on centralized exchanges. Exchanges inherently centralize a significant amount of critical customer data on their management dashboards, leaving the system exposed to a single point of failure that could bring it down.

As CIFER notes, good security systems today are often based on role-based access control, granting permissions only when necessary, data obfuscation, session recording, and not maintaining access for extended periods, all to limit the scope of damage if an incident occurs.

If the reports are accurate, Kraken needs to quickly identify the cause of the access breach: it could be leaked login credentials, an insider, a third-party service provider vulnerability, or session hijacking.

Again, if this is true, the exchange needs to take urgent measures: change all admin login information, review access logs, and transparently inform users.
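One way to approach the access-log review mentioned above, as an added example that is not from the article, CIFER or Kraken: it flags admin accounts whose activity matches the traits the seller advertised (access from arbitrary IPs, ticket creation from a read-only role) plus bulk KYC viewing. The log schema, role names, allowlisted range and threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed corporate egress range (a documentation prefix used as a placeholder).
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed audit records; the schema (ts, user, role, ip, action, customer) is an assumption.
SAMPLE_LOG = [
    {"ts": "2024-01-02T09:00:00", "user": "agent_a", "role": "support", "ip": "192.0.2.10", "action": "view_kyc", "customer": "c1"},
    {"ts": "2024-01-02T09:05:00", "user": "agent_a", "role": "support", "ip": "192.0.2.10", "action": "create_ticket", "customer": "c1"},
    {"ts": "2024-01-02T23:10:00", "user": "viewer_b", "role": "read_only", "ip": "203.0.113.7", "action": "view_kyc", "customer": "c2"},
    {"ts": "2024-01-02T23:11:00", "user": "viewer_b", "role": "read_only", "ip": "198.51.100.4", "action": "view_kyc", "customer": "c3"},
    {"ts": "2024-01-02T23:12:00", "user": "viewer_b", "role": "read_only", "ip": "198.51.100.4", "action": "view_kyc", "customer": "c4"},
    {"ts": "2024-01-02T23:15:00", "user": "viewer_b", "role": "read_only", "ip": "198.51.100.4", "action": "create_ticket", "customer": "c4"},
]

def ip_allowed(ip):
    """True when the source address falls inside an allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETS)

def review(records, max_customers_per_day=2):
    """Return {user: sorted list of reasons} for accounts that need follow-up."""
    findings = defaultdict(set)
    kyc_seen = defaultdict(set)  # (user, day) -> customers whose KYC was viewed
    for r in records:
        user = r["user"]
        # The seller claimed no IP restrictions: any off-allowlist source is a finding.
        if not ip_allowed(r["ip"]):
            findings[user].add("source_ip_outside_allowlist")
        # A read-only role opening tickets is the impersonation channel CIFER describes.
        if r["action"] == "create_ticket" and r["role"] == "read_only":
            findings[user].add("ticket_from_read_only_role")
        if r["action"] == "view_kyc":
            kyc_seen[(user, r["ts"][:10])].add(r["customer"])
    # Many distinct customers' KYC files viewed in one day suggests harvesting.
    for (user, _day), customers in kyc_seen.items():
        if len(customers) > max_customers_per_day:
            findings[user].add("bulk_kyc_views")
    return {u: sorted(reasons) for u, reasons in findings.items()}

if __name__ == "__main__":
    for user, reasons in review(SAMPLE_LOG).items():
        print(user, reasons)
```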

A swift and transparent response will be key to maintaining trust in a context where the risks from centralized systems and the promise of decentralization in the crypto market coexist.
