Kraken security chief says exchange won't negotiate as it faces extortion threat

Quick Take
- About 2,000 Kraken accounts “were potentially viewed” across two security breaches.
- Kraken Chief Security Officer Nick Percoco said the exchange is being extorted by bad actors who obtained videos of internal security systems and limited customer data.
We'd love your feedback.
Kraken is reportedly facing an ongoing extortion attempt by an unnamed criminal group, according to the exchange’s Chief Security Officer Nick Percoco.
According to a message on X on Monday, the attackers obtained videos showing Kraken support staff accessing internal client support systems and limited client data, and are threatening to leak those videos unless Kraken pays up.
Percoco said no systems were breached, and customer funds are not at risk. The exchange, which "will not ever negotiate with bad actors," is collaborating with federal law enforcement and industry security experts, and has already shut down one extortion attempt.
"The security of our clients is our highest priority, and we remain fully committed to combating the growing global threat of insider recruitment and constantly enhancing our security practices to combat new threats," Percoco said on X.
The attackers reportedly accessed these videos via two separate incidents, including a situation in February where it appears a member of the Kraken support team filmed internal systems, and a more recent example following a similar pattern of access.
In both cases, Kraken moved to quickly identify the internal threat and remove their access.
About 2,000 Kraken accounts "were potentially viewed" across the security breaches, and Kraken said it has moved to contact anyone impacted.
Internal risks
Kraken is not alone in facing internal security breaches. Percoco noted the company is also collaborating to "investigate and disrupt insider recruitment efforts targeting not only crypto companies, but also gaming and telecommunications organizations."
Last year, for instance, Coinbase disclosed a significant security breach after overseas support contractors sold customer information affecting about 69,000 accounts.
Lazarus Group, the hacking collective backed by the North Korean government, is known for being particularly adept at planting bad actors within legitimate companies. Crypto researchers have identified at least 60 known Lazarus-affiliated coders who had been employed by crypto projects, according to the satirical hiring portal Lazarus Group.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

