Kraken is dealing with an extortion attempt after internal security incidents exposed limited client data through insider access.
Key Takeaways
- Kraken confirmed two insider-related incidents involving support staff and limited client data access.
- Around 2,000 accounts were potentially viewed, representing a very small portion of users.
- The exchange stated no systems were breached and no funds were at risk.
- A criminal group is attempting extortion, but Kraken has refused to pay and is working with law enforcement.
What Happened?
Crypto exchange Kraken disclosed that it is facing an extortion attempt after two separate insider-related security incidents involving its support staff. The company said the incidents were contained quickly and did not impact its core systems or customer funds.
Kraken Security Update
- Nick Percoco (@c7five) April 13, 2026
We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands. It's important to start with the most important points: our systems were never…
Insider Access Incidents Trigger Security Concerns
The issue traces back to two separate cases where individuals within Kraken's support team accessed internal tools inappropriately. These tools allowed visibility into limited client support data, but not sensitive financial systems.
The first incident occurred in February 2025 after Kraken received a tip about a video circulating on a criminal forum. An internal investigation identified the individual responsible, revoked their access, and introduced additional safeguards.
A second similar case emerged more recently. Kraken again identified the source, removed access immediately, and notified affected users. Across both incidents, about 2,000 client accounts were potentially viewed, which accounts for roughly 0.02 percent of its global user base.
According to Nick Percoco, the company acted swiftly in both cases. He stated:
Extortion Attempt Follows Contained Incidents
Shortly after shutting down the unauthorized access, Kraken began receiving extortion demands. The attackers claim to possess videos showing internal systems and client-related data. They have threatened to release the material publicly unless the company complies.
Kraken has taken a firm stance, refusing to engage with the attackers. The company confirmed it is working closely with law enforcement agencies and industry partners across multiple jurisdictions to investigate the case.
Percoco emphasized the company's position, stating that client security remains its highest priority and that Kraken is committed to strengthening its defenses against evolving threats.
Rising Risk of Insider Threats in Crypto
The incidents highlight a growing concern in the crypto industry, where insider threats are becoming more prominent. Support roles often require limited access to user accounts for troubleshooting, which can create potential vulnerabilities if misused.
Kraken noted that this case may be part of a broader pattern of insider recruitment efforts targeting not only crypto firms but also gaming and telecommunications companies.
Other firms have faced similar challenges. For example, Coinbase previously disclosed a breach involving overseas contractors that affected tens of thousands of accounts. Meanwhile, groups like Lazarus Group have been linked to attempts to infiltrate companies through insider placements.
Industry Context and Related Incidents
The crypto sector continues to attract attackers due to the high value and speed of digital asset transfers. While external hacks often dominate headlines, internal vulnerabilities are increasingly seen as a critical risk.
In a separate case, Galaxy Digital, founded by Mike Novogratz, reported a cybersecurity incident involving unauthorized access to a development environment. The firm confirmed that no client funds or sensitive data were affected.
These developments underline the need for stronger access controls, monitoring systems, and employee vetting processes across the industry.
CoinLaw’s Takeaway
In my experience, this situation shows that insider risk is just as serious as external hacking in crypto. I found Kraken's response strong and transparent, especially its refusal to give in to extortion. That said, even limited access incidents can damage trust if not handled properly.
What stands out to me is how small the actual impact was compared to the scale of the platform, yet it still triggered a major security response. This tells me the industry is maturing, but also that attackers are getting smarter by targeting people instead of systems.