USDKraken Says Extortion Attempt Followed Insider Data Access
Exchange says customer funds were never exposed despite criminal threat
TL;DR
- Kraken said an active extortion attempt followed two insider-access incidents involving rogue support personnel.
- The exchange said about 2,000 client accounts, or roughly 0.02% of its user base, were affected.
- Kraken said its systems were not breached, customer funds were never at risk, and it will not pay.
We’ve launched the all-new COIN360 Perp DEX, built for traders who move fast!
Trade 130+ assets with up to 100× leverage, enjoy instant order placement and low-slippage swaps, and earn USDC passive yield while climbing the leaderboard. Your trades deserve more than speed — they deserve mastery.
Kraken said on April 13, 2026 that it is facing an active extortion attempt by a criminal group that threatened to release videos showing internal systems and client data, but the exchange said the incident did not involve a breach of its core infrastructure and that customer funds were never at risk.
Kraken said the matter stemmed from insider abuse rather than an outside compromise of its systems. The exchange described two isolated incidents involving rogue support personnel who misused legitimate access privileges. Kraken said it first detected one case in February 2025 after receiving a tip about a video circulating on a criminal forum that appeared to show someone navigating internal client-support systems.
Kraken said it identified the employee involved in that earlier case, revoked access immediately, strengthened security controls and notified affected users. After a second tip pointed to a similar video in a more recent incident, Kraken said it again identified the employee involved, terminated that person’s access and opened a full investigation.
What Kraken said was affected
Kraken said the exposure was limited to customer information tied to about 2,000 client accounts, representing about 0.02% of its total user base. The exchange said the incident involved unauthorized viewing of customer information, not compromised wallets, not a breach of exchange systems and not a loss of customer funds. Kraken said all users believed to be affected have already been contacted directly.
Kraken said the criminal group escalated after the latest unauthorized access had already been shut down. According to Kraken, the group threatened to distribute footage of internal systems to media outlets and across social media as part of the extortion attempt. The exchange did not disclose the amount that was demanded.
Kraken says it will not negotiate
Nick Percoco, Kraken’s chief security officer, said the company would not meet the extortion demand. “We will not pay these criminals,” Percoco said. He also said, “We will not ever negotiate with bad actors,” as Kraken said it is working with federal law enforcement across multiple jurisdictions.
Percoco said Kraken believes it has enough evidence to identify and arrest the people behind the scheme. He also said Kraken has been working with industry partners and law enforcement to investigate and disrupt insider-recruitment efforts that he said target crypto firms as well as gaming and telecommunications companies.
FAQ
What did Kraken say happened?
Kraken said rogue support personnel misused legitimate access privileges.
Were customer funds at risk?
Kraken said customer funds were never at risk.
How many accounts were affected?
Kraken said about 2,000 client accounts were affected.
Will Kraken pay the extortion demand?
No. Percoco said, “We will not pay these criminals.”
This article has been refined and enhanced by ChatGPT.
