Crypto-exchange Kraken extorted by hackers after insider breach

Summary

Kraken cryptocurrency exchange disclosed an extortion attempt by cybercriminals who obtained videos of internal systems through insider threats involving two support employees. The breach exposed limited client support data affecting approximately 2,000 accounts (0.02% of users), with no client funds at risk. Kraken confirmed it will not pay the extortionists and is cooperating with federal law enforcement for prosecution.

Full text

Crypto-exchange Kraken extorted by hackers after insider breach By Bill Toulas April 14, 2026 05:58 PM 0 The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data. The company’s Chief Security Officer, Nick Percoco, stated that the incident did not put client funds at risk and involved an insider threat, with two instances of improper access to limited customer data by support employees. Kraken says that it will not pay or negotiate with the threat actor. “We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands,” stated Percoco. “It’s important to start with the most important points: our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors.” Kraken is a U.S.-based cryptocurrency exchange that enables millions of users across 190 countries to buy, sell, and trade digital assets such as Bitcoin, Ethereum, and 200 others. It is considered one of the largest and most established exchanges, with a daily trading volume of hundreds of millions of U.S. dollars. Following a “tip from a trusted source” in February 2025 about cybercriminals circulating a video demonstrating access to its client support systems, Kraken initiated an investigation and uncovered a support employee recruited by the threat actor. More recently, Kraken received a tip about another, more recent video showing insider access to its systems. In both cases, the company reacted quickly by revoking the employee’s access, launching investigations, and strengthening controls. Where user exposure was identified, Kraken notified affected users directly. According to Percoco, the incident affects only about 2,000 accounts, which represents 0.02% of Kraken’s user base. For this small subset, the exposed information reportedly only concerns client support data. Kraken stated that its investigation has gathered enough evidence to legally prosecute all involved individuals attempting to blackmail them, and the company is closely working with federal law enforcement across multiple jurisdictions towards this goal. Insider threats and malicious recruitment are a broader problem impacting multiple industries, and especially the cryptocurrency sector. In mid-2025, it was revealed that another major American cryptocurrency exchange, Coinbase, suffered a data breach after hackers bribed employees of an India-based customer support agency to disclose to them private client support information. In that case, the incident impacted 70,000 customers, with Coinbase estimating the total financial damages to be $400 million. Automated Pentesting Covers Only 1 of 6 Surfaces. Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation. Get Your Copy Now Related Articles: Ex-data analyst stole company data in $2.5M extortion schemeBitrefill blames North Korean Lazarus group for cyberattackRansomware payment rate drops to record low as attacks surgeFake Ledger Live app on Apple’s App Store stole $9.5M in cryptoStolen Rockstar Games analytics data leaked by extortion gang

Entities