Crypto exchange Kraken disclosed an active extortion attempt by a criminal group that claims to possess videos showing internal systems with limited client data. The company said it will not comply with any demands and has involved law enforcement across multiple jurisdictions.

Chief Security Officer Nick Percoco outlined the situation in a public statement on X, where he wrote:

“We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands.”

He added:

“We will not pay these criminals; we will not ever negotiate with bad actors.”

Insider access, not system breach

Kraken said the incident stems from two separate cases of inappropriate internal access rather than an external breach. The company emphasized that its infrastructure remained intact and that customer funds were never at risk.

“Our systems were never breached; funds were never at risk,” Percoco said.

The first case dates to February 2025. Kraken received a tip about a video circulating on a criminal forum that appeared to show access to internal support systems. The company launched an internal investigation and identified the individual responsible as a member of its support team. Access was revoked, and the firm implemented additional security controls while notifying affected clients.

A second, similar case surfaced more recently. Kraken said it again received a tip alongside a new video showing comparable activity. The company identified the individual involved and terminated their access. It followed the same response protocol, which included investigation and client notification.

Across both cases, Kraken estimated that approximately 2,000 client accounts were potentially viewed. The company stated this represents about 0.02% of its total user base. It confirmed that all affected users have already received notifications.

Criminal threats escalate after access removal

Kraken said the extortion attempt began shortly after it cut off access in the latest incident. The group threatened to distribute materials from both cases to media outlets and across social media platforms if the company refused to comply.

Percoco said the company has gathered intelligence from both incidents and believes it can identify those responsible.

“We are actively working with federal law enforcement across multiple jurisdictions to pursue all individuals involved and bring them to justice,” he wrote.

The company declined to provide further operational details due to the ongoing investigation.

Broader pattern of insider targeting

Kraken linked the incidents to a wider trend of insider recruitment campaigns that target employees with access to sensitive systems. The firm said it has worked with industry partners and law enforcement to investigate these efforts, which extend beyond crypto into gaming and telecommunications sectors.

“Since then, we have been collaborating with industry partners and law enforcement to investigate and disrupt insider recruitment efforts targeting not only crypto companies, but also gaming and telecommunications organizations,” Percoco said.

The company indicated that both incidents involved limited access to customer support data rather than core trading or custody systems. Kraken continues to operate normally and has introduced additional safeguards following the events.

Industry context shows rising data risks

The situation echoes similar incidents across the crypto sector. Coinbase disclosed a data breach in 2025 that affected more than 69,000 users after attackers bribed customer support agents to obtain personal information.

Recent data highlights a broader increase in crypto-related security incidents. Blockchain intelligence firm Nominis reported that losses across major incidents reached $178 million in March 2026, compared to $49.3 million in February. Authorization abuse played a central role in many of those cases.

Physical threats have also increased. A report from CertiK found that wrench attacks rose more than 75% year over year, with more than $40 million in confirmed losses last year.

These patterns reflect a shift toward human vulnerabilities rather than purely technical exploits. Insider access, social engineering, and coercion have emerged as recurring attack vectors.

Ongoing investigation and security response

Kraken stated that it has sufficient evidence to support identification and potential arrest of those involved. The company encouraged anyone with relevant information to come forward.

“The security of our clients is our highest priority, and we remain fully committed to combating the growing global threat of insider recruitment and constantly enhancing our security practices to combat new threats,” Percoco said.

The exchange has not disclosed additional technical details while the investigation remains active. It confirmed that operations continue without disruption and reiterated that no funds or core systems were compromised.

Bitcoin Jumps 5% Amid Iran Deal Hopes, Liquidations | HODL FM NEWS
Bitcoin price surged near $75K after liquidations and Iran deal hopes boosted sentiment, with over $500 million in shorts wiped out across crypto markets.
hodl-post-imageHODL FM News: The Wildest Ride in the Crypto MarketRoman Zaika
hodl-post-image

Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that, despite the nature of much of the material created and hosted on this website, HODL FM operates as a media and informational platform, not a provider of financial advisory services. The opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice, HODL FM strongly recommends contacting a qualified industry professional.