Kraken, the US’s second-largest crypto exchange, has rejected extortion threats from a criminal group after two incidents of unauthorized access to limited client support data in the past year, reigniting investors’ concerns about insider threats.
Kraken Fights Back Extortion Demands
On Monday, Kraken’s Chief Security Officer (CSO), Nick Percoco, revealed that a criminal group is extorting the crypto exchange, threatening to release videos of their systems exposing client data.
In a security update, the CSO affirmed that Kraken had identified and shut down two instances of inappropriate access to limited client support data since 2025. Per the post, the crypto exchange received a tip about a video shared on a criminal forum. The video reportedly showed access to Kraken’s client support system.
The exchange “immediately launched an investigation and quickly identified the individual involved as a member of our support team,” Percoco explained, “Their access was revoked immediately, a full investigation was conducted, additional security controls were put in place and a limited number of affected clients were notified.”
More recently, they received another tip with a new video showing similar activity, prompting a new investigation to identify the parties involved, terminate their access, and notify the affected clients.
“Shortly after access was terminated, we began receiving extortion demands,” the security chief stated. “The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply.”
Percoco emphasized that the exchange’s systems were never breached and funds were never at risk. In addition, he noted that “only a very small number” of client accounts, approximately 2,000 or 0.02% of clients, were potentially viewed across both incidents.
Kraken has now publicly rejected the criminal demands, declaring that they “will not pay these criminals” and “will not ever negotiate with bad actors.”
In the announcement, the exchange highlighted that it has been collaborating with industry partners and law enforcement to “investigate and disrupt insider recruitment efforts targeting not only crypto companies, but also gaming and telecommunications organizations.”
Based on intelligence gathered from the two incidents and extensive analysis, Kraken believes there is sufficient evidence to identify and arrest all individuals involved, but did not share additional details as the investigation continues. However, they urged anyone with relevant information to contact the exchange directly.
This incident comes just a month after Kraken scored a major victory for the crypto industry, becoming the first crypto company with direct access to the Federal Reserve’s core payment system after winning the Kansas City Fed’s approval for a Fed master account.
Crypto Community Raises Insider Access Concerns
Crypto investors and Kraken users online reacted to the news, questioning the exchange about the details of the two incidents and criticizing the exchange for offshoring customer support staff.
“So, basically, you outsourced it to shady third-party companies (or even worse, your internal recruiters are sleeping), and you got hacked twice or more. You made your customers vulnerable to wrench attacks,” an X user wrote under Percoco’s post.
However, details of whether the inappropriate data access was from an in-house support team or an overseas third-party support staff have not been revealed yet.
Another crypto community member pushed back on Kraken’s “very small number” of clients clarification, asserting that “this is not the metric you think it is... of those 2000 accounts, they are probably the ones with balances worth wrench attacking.”
Others drew a parallel between this incident and Coinbase’s data breach controversy from last year. For context, Coinbase CEO Brian Armstrong revealed in May 2025 that malicious actors had bribed a handful of support contractors overseas to access the company’s internal tools.
This led to the leak of names, email addresses, limited transaction records, and partial Social Security numbers of around 1% of the exchange’s users. Then, the attackers attempted to blackmail Coinbase using the breached information, demanding a $20 million Bitcoin (BTC) ransom for the sensitive data.
Reuters later alleged that Coinbase had been aware of the customer data leak months before it disclosed it, also raising concerns about transparency and insider threats.
The total crypto market capitalization is at $2.43 trillion in the one-week chart. Source: TOTAL on TradingView
