A possible data breach of the known Kraken exchange may have taken place. Although the story is still shrouded in darkness and unconfirmed.
What is known is that at the end of last week, the Etana crypto custody service suffered a security breach involving data theft.
The fact is that Etana is a partner of Kraken, as the exchange uses their service for fiat currency deposits on their platform, particularly for US and Canadian dollars, euros, British pounds and Japanese yen.
What is not known, however, is whether the data stolen from Etana also includes some data regarding the exchange’s customers. In any case, it does not appear that funds have been stolen, but only data.
Etana Custody confirmed the violation stating that it happened on April 18th, and allowed an unauthorized external party to access its interface.
This access would have allowed the attacker to come into possession of some unknown information but not to move funds. In fact, the internal protection system identified the attack and activated the alarm that allowed the managers to neutralize the attack.
There would be no technical damage to the platform, which therefore remains operational.
The hypothesis is, however, that the attacker could at least have stolen personal information of the users, such as name, telephone number and address, but not those related to identity documents, driver’s license or passport. It is not known whether this has actually happened or not, but it is possible that it has taken place.
Kraken did not confirm the theft of information but instead stated that no funds were stolen. The attack did not take place on the exchange platform, which does not appear to have been violated, but only on that of the partner used for fiat currency deposits.
At the moment there is no complaint from exchange users, but the hypothesis has been raised, but not confirmed, that the stolen data could also include credit card details. Etana has not stated that this has happened, but further investigations are still underway, and since there has been no misappropriation of funds, it is possible that this last hypothesis is not correct.