Cyber Incident Victim: Etana Custody

On April 18, 2020, Etana Custody, a financial services provider handling fiat currency deposits for cryptocurrency exchange Kraken, experienced a security breach involving unauthorized access to its client user interface. The breach was detected by Etana’s internal security systems, which triggered alerts during the incident. According to the company’s official statements, an external party infiltrated the system but did not compromise client assets, including fiat currencies like the U.S. dollar, euro, Canadian dollar, British pound, and Japanese yen, or digital currencies held in custody. Etana confirmed no unauthorized withdrawals or transfers occurred. The breach was neutralized following its detection, though the exact duration of unauthorized access and the specific intrusion methods were not disclosed.

The incident exposed users’ personally identifiable information, including names, email addresses, physical addresses, and phone numbers. Etana clarified that more sensitive documents—such as passports, government-issued IDs, and driver’s license numbers—remained inaccessible to the attackers. While client funds were unaffected, the compromise of personal data raised concerns about potential secondary risks to affected users. This breach occurred amid a series of attacks targeting cryptocurrency platforms in April 2020, including a $25 million exploit of DeFi protocol dForce on April 19 and a failed $6.7 million 51% attack on PegNet’s stablecoin network on April 22. Etana’s public communications emphasized system restoration and reiterated the safety of client assets but did not detail forensic findings or long-term remediation steps beyond the immediate containment.