TLDR
- Criminal actors are demanding payment from Kraken in exchange for not releasing recordings of the exchange’s internal operations
- Chief Security Officer Nick Percoco states no system breaches occurred and customer assets remain secure
- Approximately 2,000 user accounts may have been viewed during two distinct events in February 2025 and recently
- The exchange is collaborating with federal authorities and has successfully stopped one previous extortion effort
- A comparable incident occurred at Coinbase in May 2025, involving a $20 million ransom demand after approximately 70,000 user records were accessed
The cryptocurrency exchange Kraken has publicly declined to meet the demands of a criminal organization that secured video recordings of its internal operational systems and is now threatening public disclosure. The platform’s Chief Security Officer, Nick Percoco, shared this development via X on Monday.
Kraken Security Update
We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands. It’s important to start with the most important points: our systems were never…
— Nick Percoco (@c7five) April 13, 2026
According to Percoco, the threat actors captured footage showing Kraken customer service personnel working within internal client management systems. This recorded material is now being weaponized to extract an undisclosed sum from the company.
“We will not pay these criminals,” Percoco stated emphatically. “We will not ever negotiate with bad actors.”
The exchange has verified that no complete system compromise took place. User assets remained protected throughout both incidents.
This situation stems from two distinct events. The initial occurrence took place in February 2025, when evidence suggests a Kraken support staff member recorded internal operational systems. A subsequent incident following similar methods occurred more recently.
Following both situations, Kraken responded swiftly to recognize the danger and terminate unauthorized access. The platform reports having already neutralized one extortion scheme linked to these activities.
Roughly 2,000 user accounts on Kraken’s platform may have been accessed during these two separate incidents. The exchange confirms it has contacted all potentially impacted individuals.
Federal Authorities Now Investigating
The exchange is currently partnering with federal law enforcement agencies to pursue the criminal organization behind the threats. Percoco indicated that the ongoing investigation may result in criminal charges.
Additionally, the platform is coordinating with cybersecurity specialists across the industry. Percoco explained the company is working together to “investigate and disrupt insider recruitment efforts” that target cryptocurrency, gaming, and telecommunications organizations.
Internal security threats have emerged as an escalating challenge throughout the cryptocurrency sector. The North Korean-linked Lazarus Group has gained notoriety for infiltrating legitimate organizations with operatives, with security researchers documenting at least 60 confirmed Lazarus-connected developers working within cryptocurrency projects.
Coinbase Experienced Similar Extortion Tactics
This isn’t the first time a prominent cryptocurrency platform has confronted such threatening demands. During May 2025, Coinbase revealed that cybercriminals threatened to publish customer information unless the platform delivered $20 million.
That security incident impacted approximately 70,000 customers and resulted from bribery schemes targeting international customer support contractors.
Overall cryptocurrency security incidents have shown an upward trend in losses. According to blockchain security firm Nominis, over $178 million was stolen across significant crypto-related incidents during March 2026, representing a substantial increase from the $49.3 million lost in February.
Permission exploitation emerged as the predominant attack vector in March, with targets unknowingly granting approval for transactions that provided attackers direct control over their digital assets.
Percoco emphasized that protecting Kraken’s customers remains the platform’s “highest priority” and affirmed the company’s ongoing commitment to strengthening defenses against evolving security challenges.
