Shocking Insider Extortion Hits Kraken: They Won’t Pay a Dime

by

Kraken Says It Won’t Negotiate Amid Extortion Threat

On April 13, 2026, Kraken’s security chief, Nick Percoco, announced on X that the cryptocurrency exchange is being targeted by attackers demanding a ransom. The attackers gained access to videos of Kraken employees accessing internal systems used to help customers, and also obtained limited data from about 2,000 user accounts – representing less than 0.02% of Kraken’s total user base.

According to Percoco, Kraken’s main systems were never compromised, and customer money is secure. The company has made it clear they will not negotiate with the attackers. They’ve contacted customers who might be affected and are working with law enforcement agencies in several locations. Percoco believes the evidence they have is strong enough to lead to arrests.

We believe this incident isn’t just a one-time extortion attempt, but rather a sign that attacks from people inside crypto exchanges are becoming more sophisticated. These attacks combine tricking employees, using networks of criminals, and exploiting stolen data to make money – and current security systems weren’t built to prevent them at the initial access point.

DISCOVER: Best crypto to buy right now – CoinSpeaker’s updated guide

Kraken Extortion Incident: Two Insider Access Events, One Extortion Demand, and What the Exchange Has Confirmed

As a crypto investor, I learned that back in February 2025, Kraken got wind of a video being shared on some shady online forums. It showed one of their support team members accessing things they shouldn’t have. They quickly looked into it, cut off that person’s access, and boosted their security to prevent anything similar from happening again. It seems like someone was trying to use this as leverage, which is pretty concerning.

In early 2026, a similar security issue happened when another employee on the support team accessed client systems without permission. Kraken immediately stopped that person’s access and informed the clients who might have been affected.

Right after access was blocked in the second attack, the hackers demanded money, threatening to publish the stolen recordings to the news and social media if their demands weren’t met.

Kraken Security Update

A criminal group is attempting to blackmail us by threatening to publish videos showing our internal systems, including client data, unless we meet their demands. First and foremost, we want to assure you that our systems were never…

— Nick Percoco (@c7five) April 13, 2026

Kraken has reported that the data accessed by attackers was limited to support records for around 2,000 customer accounts. Importantly, no private keys, trading systems, or customer funds were affected. As of April 13th, no video footage related to the incident had been publicly released.

Percoco stated that protecting their clients is their top concern, and they are dedicated to fighting the increasing problem of people being recruited from within to commit crimes. This emphasizes that the incident was part of a larger pattern of criminal groups targeting important industries, rather than simply a mistake made by the company.

Several details surrounding the attack are still unconfirmed in Kraken’s public statements, including who the attackers were, exactly what they wanted, and how much of the recorded data was affected. However, Kraken has confirmed the sequence of events, the extent of the data accessed, how they notified people, and their decision not to pay the attackers’ demands.

EXPLORE: Best meme coins to watch – CoinSpeaker’s updated rankings

Insider Recruitment as a Systemic Exchange Risk: What the Kraken Pattern Reveals About Crypto’s Evolving Threat Surface

Both of the Kraken incidents followed a similar pattern: someone working inside the targeted organization was either recruited or forced to record their computer sessions. Then, the attackers demanded money, threatening to release the recordings. Security experts believe this method is part of a larger “Crime-as-a-Service” model, where criminal groups recruit insiders, provide technical help, and handle the financial side of the attacks.

Cybercriminals often target companies like cryptocurrency exchanges, gaming businesses, and telecom providers because these organizations hold valuable data, frequently use outsourced support teams, and are highly concerned about the damage a data breach could do to their public image.

It’s amazing – and worrying – how quickly after getting access to the Federal Reserve’s system this company was hacked. It might be a new record for the fastest time between approval and a major security breach.

— Amanda Fischer (@amandalfischer) April 13, 2026

As an analyst, I’ve been closely following recent crypto breaches, and they paint a clear picture of the range of threats we’re facing. The massive $270 million Drift Protocol hack, linked to North Korean groups, really highlights the potential for significant damage from highly skilled attackers targeting core infrastructure. But it’s not just those headline-grabbing attacks we need to worry about. The incidents at Kraken showed that even gaining access to lower-level support systems can be exploited, proving that the entire attack surface – not just the most fortified parts – presents a risk.

We believe Kraken’s actions – revealing the security incidents, working with police in different areas, and refusing to pay a ransom – were intended to send a clear message. It seems they wanted to publicly demonstrate that attempting to extort the exchange will lead to legal repercussions, not financial gain.

Once the ongoing investigation across multiple jurisdictions is complete, we expect to learn more, including information about any arrests made and the security measures Kraken put in place after each incident. Kraken has stated that users who were not affected by these incidents do not need to take any action.

EXPLORE: Kraken Master Account: Inside the Congressional Inquiry From Rep. Maxine Waters

Read More

2026-04-14 15:20