Kraken Is Being Extorted.
It Won’t Pay.

Kraken, one of the world’s largest cryptocurrency exchanges, disclosed on Monday that it is currently the target of an extortion campaign by a criminal group threatening to release videos of internal systems and client data. The exchange says it will not comply, has never had its core systems breached, and is actively working with federal law enforcement across multiple jurisdictions.

The disclosure came directly from Nick Percoco, Kraken’s Chief Security Officer, in a public statement posted to X. It is unusually direct — a company naming the threat, confirming the two incidents behind it, and publicly refusing to pay — in an industry where security disclosures are typically delayed, minimized, or handled quietly.

What Actually Happened

According to Percoco’s statement, both incidents involved insider access — individuals within Kraken’s support infrastructure who gained inappropriate access to limited client support data. Neither incident was the result of an external hack or network breach. The criminals now threatening Kraken obtained their leverage through these insider access events, not through a technical compromise of exchange infrastructure.

The two incidents are separated by over a year, and Kraken was tipped off to both through external intelligence — the first from a trusted source in February 2025, the second more recently. In each case, the exchange says it moved immediately: access revoked, full investigation launched, affected clients notified.

Incident Timeline

An Insider Recruitment Problem, Not Just a Kraken Problem

One of the more significant details in Percoco’s statement is the scope of what Kraken says it has been investigating. Since the February 2025 incident, the exchange has been collaborating with industry partners and law enforcement to investigate and disrupt what it describes as organized insider recruitment efforts — targeting not only crypto companies, but also gaming and telecommunications organizations.

This reframes the incident from a Kraken-specific failure to something broader: a coordinated campaign to place or leverage insiders across multiple industry verticals. The implication is that the criminal group behind the extortion didn’t get lucky — they’ve built a playbook, and Kraken isn’t their only target.

“We believe there is sufficient evidence to support the identification and arrest of those responsible.”

— Nick Percoco, Chief Security Officer, Kraken

Percoco’s statement is careful to note that Kraken cannot share additional details due to the ongoing investigation — but the public confidence here is notable. The exchange is not hedging. It believes it knows who is responsible, and it is saying so publicly while working with federal law enforcement to pursue arrests.

What Was Actually Accessed

Across both incidents, approximately 2,000 client accounts were potentially viewed. Kraken describes this as “limited client support data” — consistent with what a customer support employee would have access to in the normal course of their work. The exchange does not describe any bulk data extraction, system compromise, or access to trading infrastructure, wallets, or private keys.

The 2,000 figure represents approximately 0.02% of Kraken’s client base — a very small fraction, though not one that will feel small to anyone whose account appeared in those videos.

The Public Refusal

Exchanges that get extorted typically don’t announce it this way. The standard playbook is to handle things quietly — negotiate behind closed doors, involve lawyers, hope the story doesn’t get out. Kraken’s approach is different: go public, refuse explicitly, and make clear that law enforcement is already involved.

There are strategic reasons for this. Once an extortion demand becomes public, the leverage largely evaporates. The criminals were threatening to go to media — Kraken got there first, on its own terms, with its own framing. The narrative now belongs to the exchange, not the extortionists.

It also signals something to future bad actors: Kraken won’t pay, and going public is the response. That’s a harder posture to sustain than it sounds — it requires confidence that the underlying facts are as clean as the company says they are. Percoco is putting that confidence on record.

The broader story here isn’t just about Kraken. Insider threats are one of the most difficult security problems in any industry — harder to detect than external attacks, often more damaging, and almost impossible to fully prevent at scale. The fact that a single criminal group appears to be running coordinated recruitment campaigns across crypto, gaming, and telecom suggests this is an increasingly organized threat category, not just opportunistic misbehavior by a few bad employees.

Kraken says anyone with relevant information is encouraged to contact them directly. Federal law enforcement across multiple jurisdictions is involved. The exchange says arrests are supported by the evidence gathered.

For now, the message from Kraken is straightforward: systems weren’t breached, funds weren’t at risk, the affected clients have been told, and the criminals aren’t getting paid.