April 13, 2026 — Kraken's Chief Security Officer Nick Percoco posted a security update on X that immediately rippled across the global crypto community. The message was blunt: Kraken is being extorted.
An unidentified criminal group threatened to release videos showing internal exchange systems with visible client data unless the platform met their financial demands. No server breach. No smart contract exploit. The vulnerability was human.
What Actually Happened at Kraken
Two employees on Kraken's support team — one identified in February 2025, another more recently — had gained unauthorized access to customer service systems and recorded what they saw. Those videos then circulated on dark web criminal forums. Once Kraken revoked their access, the extortion escalated: pay up, or the footage goes public.
Approximately 2,000 accounts were potentially viewed — roughly 0.02% of the total user base. All affected customers have already been contacted directly by Kraken.
Nick Percoco: "We Will Not Pay"
Percoco's tone left zero room for interpretation:
"Our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors."
Kraken Security Update
— Nick Percoco (@c7five) April 13, 2026
We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands. It's important to start with the most important points: our systems were never…
Kraken has opened a multi-jurisdictional collaboration with federal law enforcement. Percoco stated that sufficient evidence exists to identify and prosecute those responsible, though further details are being withheld to avoid compromising the ongoing investigation.
The closest precedent: in 2025, Coinbase faced a near-identical situation after criminals bribed support staff and demanded $20 million. Coinbase refused to pay and reported the incident to authorities — the same playbook Kraken is now following.
For deeper background, SpazioCrypto's coverage of hacks and scams targeting crypto exchanges tracks the full history of these incidents.
A Systemic Insider-Threat Problem Across the Industry
Kraken was explicit that this is not an isolated incident. The exchange is working with industry partners to map criminal networks specializing in insider recruitment — not just in crypto, but across gaming and telecoms too. This is a structural problem, not a one-off breach.
Galaxy Digital separately confirmed it recently contained a similar incident in an isolated development workspace, with no customer data or funds at risk.
The pattern that keeps emerging is one that crypto security professionals have long understood: the technology holds. It is the people — not the protocols — that represent the hardest attack vector to defend against. MiCA and emerging EU regulatory frameworks increasingly require exchanges operating in Europe to maintain documented insider-threat programs, a standard that incidents like this will accelerate.
As of April 14, 2026, no video has been published publicly. Kraken's operations continue normally. The investigation remains open — and the industry is watching closely.
