Table of Contents
Kraken disclosed on Monday that a criminal group is attempting to extort the exchange by threatening to release videos purportedly showing access to its internal systems and client data, unless the company complies with unspecified demands. The exchange says it will not pay.
Chief security officer Nick Percoco made the disclosure on X, stating: "Our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors."
Kraken Security Update
— Nick Percoco (@c7five) April 13, 2026
We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands. It’s important to start with the most important points: our systems were never…
The extortion attempt stems from two separate incidents involving inappropriate access by members of Kraken's support team, rather than an external breach of its core infrastructure. The first incident dates to February 2025, when Kraken received a tip about a video circulating on a criminal forum. An internal investigation identified the employee involved, whose access was immediately revoked, and additional security controls were put in place. A second similar incident was detected more recently, with Kraken again identifying the individual involved and terminating their access before notifying affected users.
Across both incidents, approximately 2,000 client accounts — representing 0.02% of Kraken's user base — were potentially viewed. Extortion demands arrived shortly after the most recent access was shut down, with the group threatening to distribute materials from both incidents to media outlets and on social media platforms.
Kraken said it has been working with industry partners and law enforcement across multiple jurisdictions and believes there is sufficient evidence to support the identification and arrest of those responsible. The exchange also described the incidents as part of a broader pattern of insider recruitment efforts it has been tracking, targeting not only crypto firms but also companies in gaming and telecommunications.
The disclosure arrives at a moment of heightened security scrutiny across the digital asset sector. Galaxy Digital, the digital asset financial services firm founded by Mike Novogratz, disclosed earlier this month that it recently contained a cybersecurity incident involving unauthorised access to an isolated development workspace. The firm said no client funds or account data were accessed, and that the affected environment was not connected to its core infrastructure, production systems, or trading platforms.
Kraken said clients who were potentially affected by either incident have already been directly notified, and that no action is required from those who did not receive a notification.
