Kraken Says It Is Being Extorted Over Stolen Crypto User Data and Refuses to Pay

Kraken confirmed Monday it’s being extorted by a felony group holding movies of inner techniques containing buyer information, and the crypto change has publicly refused to comply.

Chief Security Officer Nick Percoco disclosed the menace via X on April 13, 2026, stating the agency is working with federal regulation enforcement throughout a number of jurisdictions to pursue arrests.

The refusal is the precise name. It’s additionally a calculated institutional sign at a second when change belief is structurally fragile.

Key Takeaways:

What was breached: Internal techniques containing buyer information had been accessed through insider recruitment – no full system compromise and no buyer funds had been in danger, in accordance to Kraken.
Scope: Approximately 2,000 people probably had their data seen, representing roughly 0.02% of Kraken’s whole person base; all affected customers have been contacted.
Extortion mechanism: Criminals are threatening to launch movies of Kraken’s inner techniques and distribute buyer information fragments to media and social platforms until calls for are met.
Kraken’s response: Percoco acknowledged publicly: “We is not going to pay these criminals; we is not going to ever negotiate with dangerous actors” – and confirmed lively federal regulation enforcement engagement throughout a number of jurisdictions.
Insider sample: A February 2025 incident concerned an identical video shared on a felony discussion board; in each instances, a person from inside the firm was recognized.
Sector context: Wrench assaults on crypto business personnel elevated greater than 75% year-over-year, with CertiK attributing over $40 million in confirmed losses to such assaults final 12 months.
Watch: Whether regulation enforcement arrests materialize and how Kraken’s delayed IPO timeline absorbs the reputational publicity from a second consecutive safety incident.

How Kraken Crypto Breach and Extortion Mechanics Actually Worked

This was not a credential-scraping exploit or a protocol vulnerability. The entry level in each the February 2025 incident and the present extortion menace was insider recruitment; compromised people inside Kraken’s group granted entry to inner techniques, enabling reconnaissance reasonably than a full breach.

The entry seems to have been read-only, adequate to seize buyer information on video with out triggering speedy detection.

Percoco confirmed that Kraken obtained a tip a couple of video showcasing delicate buyer data from its inner crypto techniques, the identical mechanism used within the February 2025 case, when an identical video surfaced on a felony discussion board.

In each situations, an inner actor was recognized. The criminals at the moment are threatening to distribute these movies and related buyer information to native media and throughout social networks until Kraken complies with unspecified calls for. The exact greenback determine of the extortion demand has not been publicly disclosed.

Kraken Security Update

We are presently being extorted by a felony group threatening to launch movies of our inner techniques with consumer information proven if we don’t adjust to their calls for. It’s essential to begin with an important factors: our techniques had been by no means…

— Nick Percoco (@c7five) April 13, 2026

The sample Percoco described is deliberate and scalable. “We have been collaborating with business companions and regulation enforcement to examine and disrupt insider recruitment efforts concentrating on not solely crypto corporations, but additionally gaming and telecommunications organizations,” he stated.

That’s not opportunistic hacking. That’s a coordinated recruitment infrastructure working throughout high-value information sectors, and Kraken is explicitly naming it as such, which issues for the way the business ought to reply.

Emerging crypto theft vectors increasingly target infrastructure access rather than on-chain exploits, and insider recruitment suits that very same menace profile.

Discover: The best pre-launch token sales

What User Data Was Actually Exposed – and What That Enables

Kraken crypto has not publicly specified which information classes had been captured within the movies, together with KYC documentation, pockets addresses, transaction historical past, or account metadata.

What is confirmed: roughly 2,000 people had their data seen, and Kraken states it has already contacted everybody in danger. The entry was read-only, and inner techniques weren’t breached within the fuller sense of information being exfiltrated at scale.

The sensible threat for affected customers isn’t account takeover; no funds had been accessed. The threat is focused social engineering and bodily publicity.

(Source – TRM Labs)

With names, addresses, and account-level information in felony fingers, affected customers change into targets for a similar wrench assault vector that CertiK tracked, leading to over $40 million in losses final 12 months.

That determine is sort of definitely undercounted, given the norms of underreporting. Kraken’s outreach to affected customers is the precise procedural step; whether or not that outreach included particular safety steering, {hardware} key suggestions, handle adjustments, or heightened vigilance isn’t confirmed.

Discover: The best crypto to diversify your portfolio with

The put up Kraken Says It Is Being Extorted Over Stolen Crypto User Data and Refuses to Pay appeared first on Cryptonews.