Kraken is facing an extortion attempt involving internal support system footage, with attackers claiming access to limited client data tied to roughly 2,000 accounts. The incident highlights growing risks from insider threats rather than external system breaches.
Chief Security Officer Nick Percoco said Monday that the exchange will not engage with the attackers, who are threatening to release videos of support staff accessing internal tools. Kraken maintains that no systems were compromised and customer funds remain secure. The company has already contained one extortion attempt and is working with federal law enforcement and external security experts.
Kraken Security Update
— Nick Percoco (@c7five) April 13, 2026
We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands. It’s important to start with the most important points: our systems were never…
Are Insider Threats Becoming Crypto’s Weakest Link?
The attackers reportedly obtained the footage through two separate internal incidents, including one in February involving a staff member recording internal systems. A second case followed a similar pattern, suggesting targeted efforts to exploit personnel rather than infrastructure vulnerabilities. Kraken said it identified the individuals involved and revoked their access in both instances.
“The security of our clients is our highest priority, and we remain fully committed to combating the growing global threat of insider recruitment,” Percoco said.
He added that Kraken is actively investigating broader efforts to recruit insiders across crypto, gaming, and telecommunications firms. But can exchanges fully mitigate risks when the threat originates from within trusted teams?
The issue reflects a wider pattern across the industry. Coinbase disclosed in 2024 that overseas contractors sold customer data affecting about 69,000 accounts, demonstrating how insider access can bypass traditional defenses. Security researchers have also linked North Korea-backed Lazarus Group to multiple infiltration attempts, with dozens of affiliated developers reportedly embedded in crypto projects.
Kraken said it has contacted affected users and continues to enhance monitoring of internal access controls. The next catalyst will be whether law enforcement identifies the group behind the extortion attempt and whether exchanges adopt stricter safeguards against insider-driven breaches.
