TLDR
- Criminal organization demands payment from Kraken in exchange for not releasing videos showing the exchange’s internal operations
- Chief Security Officer Nick Percoco states that no system compromise occurred and all customer funds remain secure
- Approximately 2,000 user accounts were potentially accessed during two distinct events in February 2025 and a more recent occurrence
- Federal authorities are collaborating with Kraken on the investigation, with one extortion scheme already thwarted
- A comparable extortion scenario targeted Coinbase in May 2025, with attackers demanding $20 million following a breach affecting approximately 70,000 customers
The cryptocurrency exchange Kraken has taken a firm stance against paying criminals who acquired video recordings of its internal operational systems and are now threatening public disclosure. Chief Security Officer Nick Percoco announced the company’s position via X on Monday.
Kraken Security Update
We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands. It’s important to start with the most important points: our systems were never…
— Nick Percoco (@c7five) April 13, 2026
According to Percoco, the threat actors recorded footage of Kraken customer support personnel while they were accessing internal client management systems. This material is now being weaponized to extract an undisclosed sum from the exchange.
“We will not pay these criminals,” Percoco declared. “We will not ever negotiate with bad actors.”
The exchange has verified that none of its systems experienced a complete security breach. At no time were customer assets placed in jeopardy during either of the incidents.
This situation stems from two distinct events. The initial occurrence took place in February 2025, when evidence suggests a Kraken support staff member recorded internal systems. A subsequent, more recent incident followed an identical methodology.
The exchange responded swiftly in both instances to detect the vulnerability and eliminate unauthorized access. According to the company, it has successfully prevented one extortion scheme linked to these activities.
Approximately 2,000 customer accounts on Kraken’s platform may have been viewed throughout both incidents. The exchange confirms it has contacted all potentially impacted individuals.
Federal Law Enforcement Involved
The cryptocurrency platform is currently partnering with federal law enforcement agencies to pursue the criminal organization. Percoco indicated that the ongoing investigation may result in arrests.
Additionally, the exchange is partnering with cybersecurity professionals across the industry. Percoco stated the company is working together to “investigate and disrupt insider recruitment efforts” that target cryptocurrency, gaming, and telecommunications firms.
Internal security threats represent an escalating challenge throughout the digital currency sector. The North Korean cybercrime organization Lazarus Group has demonstrated proficiency in embedding operatives within legitimate organizations, with security researchers documenting no fewer than 60 confirmed Lazarus-connected programmers working for cryptocurrency ventures.
Coinbase Faced a Similar Attack
This isn’t the first time a prominent cryptocurrency exchange has encountered such extortion tactics. During May 2025, Coinbase revealed that cybercriminals were threatening to expose customer information unless the platform delivered $20 million.
That security incident impacted approximately 70,000 individuals and resulted from bribery schemes involving offshore customer service contractors.
Overall security breaches in the cryptocurrency space have shown an upward trend. Over $178 million was stolen through significant crypto-related incidents during March 2026, representing a substantial increase from the $49.3 million recorded in February, based on data from blockchain intelligence company Nominis.
Transaction authorization exploitation emerged as the predominant attack vector in March, with targets inadvertently granting approval for transactions that provided attackers with direct wallet access.
Percoco emphasized that protecting Kraken’s customers remains the platform’s “highest priority” and stated the organization continues to enhance its security measures against emerging threats.
