Kraken Chief Security and Information Officer Nick Percoco revealed on April 13, 2026, via a post on
Percoco stated that the platforms have never been hacked, customer funds remain safe, and that Kraken will not negotiate with attackers under any circumstances. The exchange has notified all potentially affected clients directly and confirmed that it is cooperating with federal law enforcement authorities across multiple jurisdictions, with Percoco describing the available evidence as sufficient to support arrests.
We believe this is less a story about a single extortion attempt than a structural signal about the maturation of insider threat operations targeting cryptocurrency exchanges – a threat class that combines social engineering, criminal recruiting networks, and data exploited as a monetization mechanism, and which exchanges’ security architectures have historically not been designed to overcome at the access control layer.
discovers: The Best Cryptocurrencies You Can Buy Right Now – Updated CoinSpeaker Guide
Kraken Extortion Incident: Two insider access incidents, one extortion request, and what the exchange confirmed
The mechanism behind the extortion threat works as follows: In February 2025, Kraken received information that a video documenting unauthorized access by a member of the support team was circulating on a criminal forum; The exchange launched an internal investigation, revoked relevant access, and implemented enhanced security controls.
A second, structurally similar incident occurred in early 2026, where another member of the support team was identified as having accessed internal customer support systems without authorization; Kraken has terminated that individual’s access and notified affected customers.
Blackmail demands emerged immediately after the access was cut off in the second incident, with the attackers threatening to release the recorded material to media outlets and social media platforms if their demands were not met.
Kraken security update
We are currently being blackmailed by a criminal group threatening to release videos of our internal systems showing customer data if we do not comply with their demands. It is important to start with the most important points: our systems have never been…
– Nick Percoco (@c7five) April 13, 2026
The data obtained by the attackers, according to Kraken’s disclosure, is limited to support level information — customer support system records for nearly 2,000 affected accounts — with no private keys, trading infrastructure, or customer funds involved. No video footage was released publicly until Percoco’s statement on April 13.
Percoco described the exchange’s position directly: “The security of our clients is our top priority, and we remain fully committed to combating the growing global threat of insider recruitment” – a characterization that clearly places the incident in the context of criminal networks that systematically target high-value sectors rather than as an isolated operational failure.
It is necessary to note the epistemological status of many details here: the specific identity of the attackers, the precise nature of their demands, and the full scope of the recorded material remain unconfirmed in Kraken’s public disclosures. What the exchange has confirmed is the timeline, scope of access, notification position and non-payment decision.
explores: Best meme coins to watch – updated CoinSpeaker rankings
Insider Recruitment as a Systemic Risk to Stock Exchanges: What the Kraken Pattern Reveals About the Evolving Cryptocurrency Threat Surface
The pattern documented in the two Kraken incidents — where an insider was recruited or forced to record access sessions, followed by a blackmail request to profit from that footage — is consistent with what security analysts have described as crime infrastructure as a service, where criminal networks provide recruiting pipelines, technical guidance, and monetization channels for agents embedded within targeted organizations.
Cryptocurrency exchanges, gaming companies, and telecommunications providers have emerged as favored targets due to their combination of high-value data, external or contractual support roles, and reputational sensitivity to detecting breaches.
I imagine this breaks the record for the fastest time between having a key Fed account and being subjected to a massive hack https://t.co/kJGjlY7DQM
-Amanda Fischer (@amandalfischer) April 13, 2026
the Drift protocol exploit worth $270 million Attributed to state-linked actors in North Korea demonstrated the highest level of damage that sophisticated threat actors can inflict on cryptocurrency infrastructure; The Kraken incidents demonstrate that the lower end of the attack surface — access to the support level, not the core systems — holds its own.
We believe Kraken’s decision to disclose both incidents, coordinate with law enforcement across multiple jurisdictions, and publicly reject negotiations represents a deliberate signaling strategy as much as an operational response – an attempt to demonstrate that racketeering against the exchange carries legal, not financial, consequences.
We expect further disclosures to follow once an active multi-jurisdictional investigation permits, including details about the findings of the arrest and the specific insider threat controls Kraken implemented after each incident. Unaffected users do not need to take any action, according to the exchange’s guidance.
explores: Kraken’s main account: Inside the congressional inquiry from Rep. Maxine Waters
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to provide accurate and timely information but should not be considered financial or investment advice. Since market conditions can change rapidly, we encourage you to verify the information yourself and consult with a professional before making any decisions based on this content.
Neil is a professional cryptocurrency content writer with years of experience. He has written for numerous cryptocurrency websites to report breaking news, and has been hired by all kinds of cryptocurrency projects, to create content that will increase their exposure and attract more potential investors.
