Kraken’s chief security officer said the exchange will not negotiate with a criminal group that attempted to extort the company by threatening to release videos showing client data.
In an X post, Nick Percoco described an extortion attempt in which an unnamed group demanded an unspecified sum and threatened to publish internal-system videos that allegedly displayed client information. Percoco said Kraken’s systems “were never breached” and user funds were not at risk, characterizing the incidents as unauthorized access to data rather than a system-wide compromise.
“We will not pay these criminals. We will not ever negotiate with bad actors,” Percoco wrote.
He said there were two incidents of “inappropriate access” — one in February 2025 and a more recent event — affecting roughly 2,000 user accounts. Kraken is cooperating with federal law enforcement on an investigation that could lead to arrests.
The incident underscores the ongoing importance of protecting personal data and user funds as the crypto industry grows. There have been multiple extortion attempts targeting crypto firms and individuals with digital-asset holdings.
A similar case occurred in May 2025 when Coinbase reported cybercriminals tried to extort $20 million by threatening to leak user data. That breach was tied to bribes paid to customer support contractors and affected data from about 70,000 users.
Blockchain intelligence firm Nominis reported that more than $178 million was lost across major crypto incidents in March 2026, up from $49.3 million in February. The report identified authorization abuse — victims unknowingly approving transactions that gave attackers direct access to funds — as the primary attack vector in multiple cases.