Key Takeaways:
- Kraken said two employees misused access to view limited user data, but no funds were at risk.
- The exchange refused to pay or negotiate after criminals threatened to leak internal data.
- Even secure platforms can face insider risks, making features like 2FA and withdrawal whitelisting important.
A criminal group has threatened to release videos showing internal systems and user data of the US-based crypto exchange Kraken unless it is paid.
On 13 April 2026, Nick Percoco, chief security officer of Kraken, publicly disclosed the situation and made clear the exchange would neither pay nor negotiate with the group. Kraken’s core systems were never breached, and no customer funds were ever placed at risk, Percoco confirmed.
Kraken Security Update
We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands. It’s important to start with the most important points: our systems were never…
— Nick Percoco (@c7five) April 13, 2026
Two insider incidents, one extortion demand
The case stems from two separate incidents in which employees with legitimate internal access misused it to view limited client support data. Client support systems are typically the tools staff use to help users with account-related issues; they do not store private keys, which are required to move crypto funds.
The first incident occurred in February 2025, when Kraken received a tip about a video, shared on a criminal forum, that appeared to show access to its client support systems. The person involved was identified as a member of the support team; their access was immediately revoked, and a small number of affected users were notified.
A second tip arrived later, along with a new video showing similar activity. Kraken again identified the individual responsible and terminated their access. Across both incidents, around 2,000 accounts were potentially viewed, representing about 0.02% of Kraken’s total user base. All affected users have already been informed.
KRAKEN HIT BY EXTORTION ATTEMPT: FUNDS SAFE
CryptoPatel family, quick update 👇
A criminal group is threatening to leak videos of Kraken's internal systems. But here's the truth:
✅ NO system breach
✅ Client funds 100% SAFE
✅ Only 2,000 accounts viewed (0.02% users)
✅ Two…
— Crypto Patel (@CryptoPatel) April 14, 2026
Shortly after the second individual’s access was shut down, extortion demands followed. The criminal group threatened to release footage from both incidents to media outlets and across social media if Kraken did not comply with its demands. The exchange said it refused to engage.
Working with law enforcement
Kraken is currently cooperating with federal law enforcement across multiple jurisdictions, and Percoco stated that sufficient evidence exists to support the identification and arrest of those responsible.
The exchange is also coordinating with industry partners to tackle a broader trend of insider recruitment, where criminals try to gain access by secretly recruiting or bribing employees. Kraken noted that this threat is not limited to crypto firms but also affects gaming and telecommunications companies.
Yet another example of a help desk employee being an insider threat.
This is currently a top playbook methodology for threat actors. Either target/compromise or coerce support staff who have privileged access.
I consider this priority 1 for any security team until solved. https://t.co/7CZ4UWzDS1
— Matt Johansen (@mattjay) April 13, 2026
This type of attack is not unique to Kraken. In May 2025, Coinbase — another major US-based crypto exchange — disclosed that criminals had bribed its customer support contractors to access user data, then threatened to expose information affecting 69,461 accounts unless the platform paid $20 million.
We will pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.
— Coinbase 🛡️ (@coinbase) May 15, 2025
How to better protect your crypto account
The Kraken case highlights that even when an exchange’s main systems are secure, insiders can still expose limited user data, underscoring the importance of account-level protections.
Many exchanges like Kraken, Binance, and others offer features like withdrawal address whitelisting (allowing withdrawals to only pre-approved wallet addresses) and dual two-factor authentication (2FA).
Dual 2FA means users must confirm actions using both an app like Google Authenticator and an email code when setting up or modifying withdrawal addresses. Such tools add an extra layer of security even if account data is exposed.
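The following sketch shows how the two controls described above fit together; it is an added example, not code from Kraken or any exchange. The `WithdrawalPolicy` class, its method names, the 10-minute email-code lifetime, the three-attempt limit and the one-step clock-drift window are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), the scheme authenticator apps implement."""
    counter = struct.pack(">Q", int(at // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation per RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class WithdrawalPolicy:
    """Hypothetical account policy: whitelist changes need both factors."""
    EMAIL_TTL = 600      # assumed: email code valid for 10 minutes
    MAX_ATTEMPTS = 3     # assumed: pending request dropped after 3 failures

    def __init__(self, totp_secret: bytes):
        self._secret = totp_secret
        self._pending = {}       # address -> [email_code, expiry, failures]
        self._whitelist = set()

    def request_add(self, address: str, now: float) -> str:
        """Start a whitelist change; the returned code would be emailed."""
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self._pending[address] = [code, now + self.EMAIL_TTL, 0]
        return code

    def confirm_add(self, address: str, app_code: str, email_code: str, now: float) -> bool:
        entry = self._pending.get(address)
        if entry is None or now > entry[1]:
            self._pending.pop(address, None)
            return False
        # Both factors use constant-time comparison; allow +/- one TOTP step of drift.
        email_ok = hmac.compare_digest(email_code, entry[0])
        app_ok = any(hmac.compare_digest(app_code, totp(self._secret, now + d * 30))
                     for d in (-1, 0, 1))
        if not (email_ok and app_ok):
            entry[2] += 1
            if entry[2] >= self.MAX_ATTEMPTS:
                del self._pending[address]
            return False
        del self._pending[address]
        self._whitelist.add(address)
        return True

    def can_withdraw(self, address: str) -> bool:
        """Withdrawals go only to addresses that passed confirm_add."""
        return address in self._whitelist
```

Someone who has only seen account data in a support tool holds neither the authenticator secret nor the mailbox, so `confirm_add` fails and `can_withdraw` stays false for any address they supply.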
Percoco said Kraken remains committed to strengthening its security practices as the investigation continues. This is a developing story.