Kraken confirmed Monday it is being extorted by a criminal group holding videos of internal systems containing customer data, and the crypto exchange has publicly refused to comply.
Chief Security Officer Nick Percoco disclosed the threat via X on April 13, 2026, stating the firm is working with federal law enforcement across multiple jurisdictions to pursue arrests.
The refusal is the right call. It’s also a calculated institutional signal at a moment when exchange trust is structurally fragile.
Key Takeaways:
This was not a credential-scraping exploit or a protocol vulnerability. The entry point in both the February 2025 incident and the current extortion threat was insider recruitment; compromised individuals within Kraken’s organization granted access to internal systems, enabling reconnaissance rather than a full breach.
The access appears to have been read-only, sufficient to capture customer data on video without triggering immediate detection.
Percoco confirmed that Kraken received a tip about a video showcasing sensitive customer information from its internal crypto systems, the same mechanism used in the February 2025 case, when a similar video surfaced on a criminal forum.
In both instances, an internal actor was identified. The criminals are now threatening to distribute those videos and associated customer data to local media and across social networks unless Kraken complies with unspecified demands. The precise dollar figure of the extortion demand has not been publicly disclosed.
The pattern Percoco described is deliberate and scalable. “We have been collaborating with industry partners and law enforcement to investigate and disrupt insider recruitment efforts targeting not only crypto companies, but also gaming and telecommunications organizations,” he said.
That’s not opportunistic hacking. That’s a coordinated recruitment infrastructure operating across high-value data sectors, and Kraken is explicitly naming it as such, which matters for how the industry should respond.
Emerging crypto theft vectors increasingly target infrastructure access rather than on-chain exploits, and insider recruitment fits that same threat profile.
Discover: The best pre-launch token sales
Kraken crypto has not publicly specified which data categories were captured in the videos, including KYC documentation, wallet addresses, transaction history, or account metadata.
What is confirmed: approximately 2,000 individuals had their information viewed, and Kraken states it has already contacted everyone at risk. The access was read-only, and internal systems were not breached in the fuller sense of data being exfiltrated at scale.
The practical risk for affected users is not account takeover; no funds were accessed. The risk is targeted social engineering and physical exposure.
(Source – TRM Labs)
With names, addresses, and account-level data in criminal hands, affected users become targets for the same wrench attack vector that CertiK tracked, resulting in over $40 million in losses last year.
That figure is almost certainly undercounted, given the norms of underreporting. Kraken’s outreach to affected users is the right procedural step; whether that outreach included specific security guidance, hardware key recommendations, address changes, or heightened vigilance is not confirmed.
Discover: The best crypto to diversify your portfolio with
The post Kraken Says It Is Being Extorted Over Stolen Crypto User Data and Refuses to Pay appeared first on Cryptonews.
Article Source: cryptonews.com
The post Kraken Says It Is Being Extorted Over Stolen Crypto User Data and Refuses to Pay appeared first on Crypto Adventure.
