Kraken Refuses to Pay Criminals After Insiders Leak Data on 2,000 Accounts
Summary
Kraken disclosed that a criminal group is extorting the company with videos of its internal systems containing client data. The exchange maintains there was no breach, no funds were ever at risk, and it will not negotiate. The source of the threat was internal, two support staff were identified and removed.
Kraken revealed on April 13, 2026, that it is facing active extortion demands from a criminal group threatening to release videos purportedly showing access to internal client support systems, according to a statement from Nick Percoco, the company’s chief security and information officer.
The exchange traced the incidents to two separate members of its own support team who improperly accessed limited client data. The first case surfaced in February 2025 after Kraken received a tip about a video circulating on a criminal forum. The company identified the employee, revoked their access, and implemented additional security controls. A second, more recent tip led to the identification and termination of another insider. Across both incidents, approximately 2,000 accounts — representing 0.02% of Kraken’s client base — were potentially viewed.
Shortly after the second individual’s access was cut, Kraken began receiving extortion demands. The group threatened to distribute the recorded material to media outlets and on social media unless the company complied. Kraken’s response was unequivocal: it will not pay and will not negotiate.
The incidents highlight a growing and uncomfortable vulnerability across the crypto industry — insider threats. Unlike external hacks that exploit smart contract bugs or infrastructure weaknesses, insider recruitment schemes target human access points that are far harder to defend against with code alone. Kraken said it has been collaborating with industry partners and law enforcement to investigate broader insider recruitment efforts targeting not just crypto firms but also gaming and telecommunications companies.
The exchange said it believes sufficient evidence exists to support the identification and arrest of those responsible and is working with federal law enforcement across multiple jurisdictions. Affected clients have already been notified.
The disclosure comes amid a string of security events across the sector. Galaxy Digital recently contained a separate cybersecurity incident involving unauthorized access to an isolated development workspace, though no client data was compromised in that case either.
Kraken’s decision to go public with the extortion attempt rather than quietly manage it signals a shift in how major exchanges handle threats — choosing transparency and law enforcement over silence and settlement.