TLDR
- Criminal organization demanding payment from Kraken in exchange for not releasing videos showing internal system operations
- Chief Security Officer Nick Percoco confirms no breach occurred and all customer funds remain secure
- Approximately 2,000 user accounts were potentially accessed during two incidents in February 2025 and a more recent occurrence
- Federal authorities are investigating while Kraken has successfully prevented one extortion effort
- Similar attack targeted Coinbase in May 2025, with criminals demanding $20 million after compromising data from approximately 70,000 customers
A cryptocurrency exchange is standing firm against blackmail attempts after criminals obtained video recordings of its backend operations and are threatening public disclosure. Kraken’s Chief Security Officer, Nick Percoco, publicly announced the exchange’s position on X this Monday.
According to Percoco, the threat actors managed to record Kraken customer support personnel while they were working with internal client management systems. This footage is now being weaponized to extract an undisclosed sum from the platform.
“We will not pay these criminals,” Percoco declared. “We will not ever negotiate with bad actors.”
The exchange has verified that no complete system compromise took place. At no time were customer assets in jeopardy during either security incident.
This situation stems from two distinct events. The initial occurrence took place in February 2025, when evidence suggests a Kraken support employee recorded internal operational systems. A subsequent incident with similar characteristics happened more recently.
In each instance, Kraken responded swiftly to detect the security risk and terminate unauthorized access. The platform reports successfully neutralizing one extortion scheme linked to these activities.
Approximately 2,000 accounts on Kraken’s platform may have been observed during these two separate events. The company has proactively contacted all potentially impacted users.
Federal Law Enforcement Involved
Kraken has engaged federal law enforcement agencies to pursue the criminal organization behind these threats. Percoco indicated the ongoing investigation may result in criminal charges.
The platform is additionally consulting with cybersecurity specialists across the industry. Percoco noted the company is partnering to “investigate and disrupt insider recruitment efforts” that target cryptocurrency, gaming, and telecommunications organizations.
Internal security threats have emerged as an escalating concern throughout the digital asset sector. The notorious North Korean cybercriminal organization Lazarus Group has been documented infiltrating legitimate businesses with operatives, with security researchers documenting no fewer than 60 confirmed Lazarus-connected developers working within cryptocurrency ventures.
Coinbase Faced a Similar Attack
This isn’t the first instance of a prominent exchange confronting such extortion tactics. During May 2025, Coinbase revealed that cybercriminals demanded $20 million to prevent the release of customer information.
That security incident impacted approximately 70,000 platform users and resulted from bribes paid to international customer service contractors.
Cryptocurrency security breaches have shown an upward trend overall. Beyond $178 million was stolen through significant crypto-related incidents during March 2026, a sharp increase from $49.3 million recorded in February, based on data from blockchain analytics company Nominis.
Authorization exploitation emerged as the predominant attack vector in March, where targets inadvertently approved transactions granting attackers direct control over their digital assets.
Percoco emphasized that protecting Kraken clients remains the platform’s “highest priority” and reaffirmed ongoing efforts to strengthen defenses against emerging security challenges.
