Kraken Reveals Extortion Demands After Client Data Incident: ‘We Will Not Pay’, Security Chief Says

Kraken, the US’s second-largest crypto change, has rejected extortion threats from a felony group after two incidents of unauthorized entry to restricted shopper assist information up to now 12 months, reigniting traders’ issues about insider threats.

Kraken Fights Back Extortion Demands

On Monday, Kraken’s Chief Security Officer (CSO), Nick Percoco, revealed {that a} felony group is extorting the crypto change, threatening to launch movies of their methods exposing shopper information.

In a safety replace, the CSO affirmed that Kraken had recognized and shut down two situations of inappropriate entry to restricted shopper assist information since 2025. Per the submit, the crypto change acquired a tip a few video shared on a felony discussion board. The video reportedly confirmed entry to Kraken’s shopper assist system.

The change “instantly launched an investigation and shortly recognized the person concerned as a member of our assist staff,” Percoco defined, “Their entry was revoked instantly, a full investigation was carried out, extra safety controls have been put in place and a restricted variety of affected purchasers have been notified.”

More not too long ago, they acquired one other tip with a brand new video displaying comparable exercise, prompting a brand new investigation to establish the events concerned, terminate their entry, and notify the affected purchasers.

“Shortly after entry was terminated, we started receiving extortion calls for,” the safety chief said. “The criminals threatened to distribute supplies from each the February 2025 incident and the latest incident to media shops and on social media if we didn’t comply.”

Percoco emphasised that the change’s methods have been by no means breached and funds have been by no means in danger. In addition, he famous that “solely a really small quantity” of shopper accounts, roughly 2,000 or 0.02% of purchasers, have been doubtlessly considered throughout each incidents.

Kraken has now publicly rejected the felony calls for, declaring that they “is not going to pay these criminals” and “is not going to ever negotiate with dangerous actors.”

In the announcement, the change highlighted that it has been collaborating with trade companions and legislation enforcement to “examine and disrupt insider recruitment efforts concentrating on not solely crypto corporations, but additionally gaming and telecommunications organizations.”

Based on intelligence gathered from the 2 incidents and in depth evaluation, Kraken believes there’s enough proof to establish and arrest all people concerned, however didn’t share extra particulars because the investigation continues. However, they urged anybody with related info to contact the change straight.

This incident comes only a month after Kraken scored a serious victory for the crypto trade, changing into the primary crypto firm with direct entry to the Federal Reserve’s core fee system after profitable the Kansas City Fed’s approval for a Fed grasp account.

Crypto Community Raises Insider Access Concerns

Crypto traders and Kraken customers on-line reacted to the information, questioning the change in regards to the particulars of the 2 incidents and criticizing the change for offshoring buyer assist employees.

“So, principally, you outsourced it to shady third-party corporations (and even worse, your inside recruiters are sleeping), and you bought hacked twice or extra. You made your prospects weak to wrench assaults,” an X person wrote underneath Percoco’s submit.

However, particulars of whether or not the inappropriate information entry was from an in-house assist staff or an abroad third-party assist employees haven’t been revealed but.

Another crypto group member pushed again on Kraken’s “very small quantity” of purchasers clarification, asserting that “this isn’t the metric you suppose it’s… of these 2000 accounts, they’re most likely those with balances value wrench attacking.”

Others drew a parallel between this incident and Coinbase’s information breach controversy from final 12 months. For context, Coinbase CEO Brian Armstrong revealed in May 2025 that malicious actors had bribed a handful of assist contractors abroad to entry the corporate’s inside instruments.

This led to the leak of names, e mail addresses, restricted transaction information, and partial Social Security numbers of round 1% of the change’s customers. Then, the attackers tried to blackmail Coinbase utilizing the breached info, demanding a $20 million Bitcoin (BTC) ransom for the delicate information.

Reuters later alleged that Coinbase had been conscious of the client information leak months earlier than it disclosed it, additionally elevating issues about transparency and insider threats.