Crypto exchange Kraken is standing firm against an active extortion campaign after criminals — armed with recorded videos of internal support systems — threatened to leak sensitive client data unless the company paid up. Kraken's response was unambiguous: no payment, no negotiation, and now a federal investigation.
The disclosure, made directly by Chief Security Officer Nick Percoco on X, confirms two separate incidents involving unauthorised insider access to Kraken's client support systems — not an external hack.
Kraken Security Update
— Nick Percoco (@c7five) April 13, 2026
We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands. It’s important to start with the most important points: our systems were never…
Across both episodes, approximately 2,000 client accounts (just 0.02% of the total user base) were potentially viewed. Critically, no funds were at risk, and the broader platform was never compromised.
The first incident surfaced in February 2025 when Kraken received a tip from a trusted industry source about a video circulating on a criminal forum. The footage appeared to show someone navigating Kraken's internal support tools. The exchange traced the access to a member of its own support team, revoked their access immediately, tightened internal security controls, and notified the small number of affected clients.
The second incident followed a similar playbook — another tip, another internal video, another support staffer identified and terminated. Shortly after that, the second access was shut down, and the extortion demands began. The criminals threatened to distribute footage from both incidents to media outlets and social media platforms unless Kraken complied.
Since the February 2025 incident, Kraken has been working with industry partners and law enforcement to track what appears to be a coordinated insider recruitment operation — one targeting not only crypto platforms but also gaming and telecommunications companies.
This aligns with Coinbase's earlier disclosure in 2025, in which overseas support agents accepted bribes to hand over customer data, leading to a separate $20 million ransom demand that Coinbase also refused to pay.
Percoco stated that sufficient intelligence has been gathered across both incidents to support the identification and arrest of those responsible. Federal law enforcement across multiple jurisdictions is actively pursuing the individuals involved.
For Kraken clients, the bottom line is straightforward: if you have not received a direct notification from Kraken, your account was not among the 2,000 potentially viewed. The company says it has already contacted everyone affected.
The broader lesson for the industry is harder to dismiss. Technical defences — cold storage, encrypted infrastructure, multi-factor authentication — mean little when the weakest link sits at a support desk with legitimate access. Exchanges are increasingly learning that insider threat programmes are not optional.