-640x358.jpg&w=1200&q=75)
A dark web listing claims read-only access to Kraken’s internal admin panel is being offered for sale.
The alleged access could allow viewing of user profiles, transaction histories and full KYC documents.
Listed materials reportedly include identification documents, selfies, proof of address and source-of-funds records.
The seller claims the access could last up to two months and is routed through proxy connections.
Security analysts warned that even read-only access could enable highly targeted phishing attacks.
If this is genuine, it’s a major data-exposure and phishing risk for Kraken customers.
One security researcher said.
Another user questioned the claim’s authenticity, stating, “Almost certainly fake,” amid uncertainty over verification.
Experts said attackers could use real transaction data to impersonate support staff and gain user trust.
Analysts noted that access to trading patterns and wallet behaviour could fuel SIM-swap and credential attacks.
Kraken had not publicly commented on the claims at the time of reporting.
Cybersecurity firm CIFER said users should assume possible exposure and strengthen account protections.
Recommended steps include hardware authentication, withdrawal whitelists and heightened caution with support messages.
The incident underscores ongoing risks linked to centralised exchanges holding sensitive customer data.