TL;DR

  • Kraken confirms two security incidents where insiders gained unauthorized access to internal support tools
  • Around 2,000 customer accounts were affected – only basic data such as name and address were exposed, no funds were lost
  • A criminal group is now threatening to leak video evidence from the incidents unless Kraken meets their demands
  • Kraken's Chief Security Officer declares: the company will neither pay nor negotiate

Insiders Gave Criminals a Foothold

Crypto exchange Kraken has announced that the company is the target of a criminal extortion attempt. The incident stems from two separate security incidents where individuals with internal access – either current or former customer support employees – gained unauthorized entry to the company's internal support systems, according to Unchained.

The first incident reportedly took place in February 2025. A more recent, separate incident triggered what has now escalated into a direct extortion attempt. The criminal group claims to possess video recordings documenting the unauthorized access and threatens to publish this material – including customer data – if Kraken does not meet their demands.

Around 2,000 accounts – 0.02% of Kraken's total user base – had data exposed.
Kraken Extorted After Two Insider Threats: 'We Are Not Paying'

Limited Damage, but Serious Threat

Kraken states that approximately 2,000 customer accounts were affected by the data exposure. This accounts for about 0.02 percent of the exchange's total global user base. The compromised information was limited to basic support data – names and physical addresses – and no customer funds were stolen or put at risk.

Chief Security Officer Nick Percoco emphasizes that the core infrastructure was never breached.

"Our systems were never breached. Funds were never at risk. We will not pay these criminals. We will never negotiate with malicious actors." — Nick Percoco, CSO at Kraken

Kraken has directly notified all affected users, revoked access privileges, strengthened security routines, and is cooperating with federal law enforcement across multiple jurisdictions. According to Percoco, there is sufficient evidence to support the identification and apprehension of those responsible.

Kraken Extorted After Two Insider Threats: 'We Are Not Paying'

A Recurring Challenge for Major Exchanges

This incident is not Kraken's first encounter with such threats. In June 2024, the company uncovered a critical zero-day vulnerability that was exploited to extract approximately three million dollars from the company's own reserves. The security firm CertiK, which subsequently identified itself as the actor behind it, claimed it was a legitimate security test. Kraken reported the matter to the police and called it extortion.

Experts referenced by Unchained point out that insider recruitment is a growing threat to crypto exchanges in general. Criminal networks are actively seeking to recruit employees at large platforms like Kraken, Coinbase, Binance, and Gemini, offering amounts ranging from 3,000 to 15,000 dollars for access or information.

Transparent Response as a Deterrence Strategy

Kraken's open communication regarding the incident mirrors an approach also seen from Coinbase in a similar case in 2025. Both exchanges have chosen to publicize the threats rather than keep them hidden – which is interpreted as a deliberate strategy to signal that extortion yields no results and thus deter future attempts.

The security community points out that the critical weak link in many cases is not technical infrastructure, but the people in the support teams. The question of whether Kraken uses third-party customer support has circulated in the crypto community in the wake of the disclosure, without the exchange directly commenting on it.

The case underscores that crypto exchanges in 2026 face a complex threat landscape – where internal actors pose as real a risk as external hackers.