Remember that the person/people who pulled off this inside job had access to everything belonging to FTX - wallets, private keys, servers, websites, apps, source code, the lot. They would certainly have had access to transaction histories, and so could simply have picked the Kraken account of an unsuspecting FTX user to send some of the stolen funds to in order to throw people off the scent. And they could well have also had access to FTX's collected KYC data, meaning they could have used that data at any time in the past to open a Kraken account in someone else's name. Or they could just have bought some of the many many users' KYC data which is up for sale on the darknet.

It's too early to assume that whomever this Kraken account belongs to is the main culprit or indeed is actually involved at all.