news

Kraken Won’t Negotiate With Hackers Over Client Data Threat

Nahid
Published: April 14, 2026
4 min read
Kraken Won’t Negotiate With Hackers Over Client Data Threat

STAY UPDATED WITH COTI

Follow COTI across social media platforms to get the latest news, updates and community discussions.

X IconFollow on XTelegram IconJoin Telegram
Make us preferred on Google

Summary:

  • Crypto exchange Kraken confirms an extortion attempt by a criminal group
  • Company says its systems were not breached and user funds remained safe
  • Around 2,000 accounts were potentially viewed through limited internal access incidents
  • Kraken refuses to negotiate, working with law enforcement to track down attackers
  • Case highlights growing insider threats and data-focused attacks in crypto

Crypto exchange Kraken is facing a serious extortion attempt but it's not backing down. In a public statement, Chief Security Officer Nick Percoco revealed that a criminal group had threatened to release internal videos allegedly showing client data unless their demands were met. The response from Kraken was direct and firm.

"our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors." Source

According to the company, the attackers claimed to possess footage from internal systems. But Kraken clarified early on that this was not the result of a system-wide breach. Instead, the situation stemmed from two isolated incidents involving improper internal access. While the headlines point to a data threat, Kraken is making it clear this wasn't a hack in the traditional sense - no wallets drained, no infrastructure compromised. Still, the situation shows how sensitive even limited internal access can be when it falls into the wrong hands.

Inside the Incident: Limited Access, Real Consequences

The issue traces back to February 2025, when Kraken received a tip about a video circulating on a criminal forum. The video appeared to show access to internal client support systems. The company quickly investigated and identified the source as a member of its own support staff. Access was revoked immediately. A deeper review followed, new security measures were introduced, and affected users were notified.

Then, a second similar incident surfaced more recently. In total, about 2,000 accounts - roughly 0.02% of Kraken's user base - were potentially exposed to limited viewing. That number is small relative to the platform's scale, but it still represents real people and real data.

"Kraken identified and shut down two instances of inappropriate access to limited client support data." Source

Shortly after both incidents were contained, the extortion attempt began. The attackers threatened to release the material publicly unless Kraken complied with their demands. But the company didn't engage. Instead, Kraken moved in a different direction - working alongside law enforcement and industry partners to identify those behind the operation. According to Percoco, there is already enough intelligence to support potential arrests.

"We are actively working with federal law enforcement across multiple jurisdictions to pursue all individuals involved and bring them to justice." Source

This response reflects a broader shift in how major crypto firms are handling threats. Paying ransom is increasingly seen as enabling further attacks. Refusing to engage, while risky in the short term, aims to break that cycle.

A Growing Threat: Insider Access and Crypto Security

This case highlights a different kind of risk - not external hackers breaking in, but insiders or recruited individuals misusing access. Crypto platforms have spent years strengthening defenses against outside attacks. But as those defenses improve, attackers are shifting tactics. Instead of forcing their way in, they try to get in through people. Kraken's statement hints at this wider pattern. The company said it has been tracking "insider recruitment efforts" not just in crypto, but also across gaming and telecom sectors. These efforts involve targeting employees with access to sensitive systems and attempting to exploit that access for financial gain.

It's a quieter threat, but often harder to detect. And unlike a traditional breach, insider incidents don't always trigger alarms immediately. Access may appear legitimate on the surface, even while being misused behind the scenes. This is why the company emphasized that only "a very small number" of accounts were affected and that additional controls have already been put in place. But it also shows how even limited exposure can escalate into something bigger - like an extortion attempt. Currently, The crypto industry is dealing with rising cases of fraud, data leaks, and targeted attacks. As platforms grow and handle more user data, they become bigger targets. For users, Even when funds are safe, data exposure can still create risks. Phishing attempts, impersonation, and social engineering often start with small pieces of leaked information.

Closing Thoughts 

Kraken's has already taken steps to limit damage, notify affected users, and strengthen its systems. Now the focus shifts to accountability. With law enforcement involved across multiple jurisdictions, the case could lead to arrests - something that remains relatively rare in crypto-related extortion cases. At the same time, Kraken's transparency helps shape how the industry responds to similar threats.

READ MORE: UK-Led Operation Atlantic Freezes $12M in Crypto Scam Funds, Identifies 20,000 Victims

Related Topics

#Kraken#Exchange hack#Hack#Kraken hack

About the Project

Crypto News

About the Author

Nahid

Nahid

Nahid is a contributor at CotiNews from Bangladesh, covering developments across the COTI ecosystem. His work focuses on breaking down complex updates, technical concepts, and ecosystem news into clear, accessible stories for a wider audience.

View all articles

Disclaimer

The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official stance of CotiNews or the COTI ecosystem. All content published on CotiNews is for informational and educational purposes only and should not be construed as financial, investment, legal, or technological advice. CotiNews is an independent publication and is not affiliated with coti.io, coti.foundation or its team. While we strive for accuracy, we do not guarantee the completeness or reliability of the information presented. Readers are strongly encouraged to do their own research (DYOR) before making any decisions based on the content provided. For corrections, feedback, or content takedown requests, please reach out to us at

contact@coti.news

Stay Ahead of the Chain

Subscribe to the CotiNews newsletter for weekly updates on COTI V2, ecosystem developments, builder insights, and deep dives into privacy tech and industry.
No spam. Just the alpha straight to your inbox.

We care about the protection of your data. Read our Privacy Policy.