
Kraken has refused to pay criminals who attempted to extort the cryptocurrency exchange. The threat? Leak videos showing internal systems with visible client data.
The company disclosed two separate data-access incidents. One in February 2025. Another more recently. Approximately 2,000 user accounts were affected. Kraken’s now cooperating with U.S. federal law enforcement to identify and prosecute those responsible.
Chief Security Officer Nick Percoco characterized the incidents as “inappropriate access to user information, not a breach of Kraken’s core systems or customer funds.”
An unnamed criminal group demanded payment. The amount? Unspecified. They threatened to release the material. Kraken declined to negotiate.
The extortion attempt underscores persistent security vulnerabilities across the cryptocurrency exchange industry. Internal access controls remain a weak point. So do third-party staff.
Kraken’s experience mirrors a similar incident at Coinbase in May 2025. Cybercriminals reportedly threatened to leak user data. They demanded $20 million. Information on roughly 70,000 users was exposed through bribed customer-support contractors.
These episodes highlight how exchanges remain attractive targets. External hackers are one threat. Insider threats are another.
Percoco emphasized that Kraken’s core systems and customer funds weren’t compromised. But the unauthorized access to user information demonstrates real challenges. Securing sensitive data across operations isn’t easy.
Industry data from Nominis shows more than $178 million was lost to major crypto incidents in March 2026 alone. That’s a sharp increase from February. Authorization abuse remains the primary attack vector across the sector. Users unknowingly approve malicious transactions.
Kraken’s firm stance against paying extortionists may signal an industry shift. Add in active law enforcement cooperation. It’s a hardline policy designed to deter future blackmail attempts.
The approach stands in contrast to some companies. They’ve quietly settled with attackers to prevent data exposure. Security experts argue that only encourages further extortion campaigns.
The incidents affecting 2,000 accounts represent a relatively contained breach. Some industry examples are far worse. But they underscore ongoing risks even at established exchanges.
Regulatory scrutiny of crypto platforms is intensifying globally. How companies respond to security incidents matters. How they handle extortion attempts matters. Both increasingly shape user trust and compliance expectations.
