Kraken Refuses to Pay Extortionists: 2,000 Client Accounts Exposed by Former Employees

📋 En bref (TL;DR)
- 2,000 client accounts exposed: two former Kraken support employees accessed sensitive data before being terminated
- Kraken refuses to pay: CSO Nick Percoco states the exchange will never negotiate with criminals
- Data listed on dark web: KYC documents, transaction histories, and selfies offered for $1 on a Russian-language forum
- No client funds at risk: read-only access to the support panel, no access to wallets or trading systems
- Coinbase precedent: 69,461 clients affected in 2024 through a similar insider corruption scheme
- Growing insider recruitment threat: Kraken describes this practice as a global threat targeting crypto, gaming, and telecoms
On April 13, 2026, Nick Percoco, Kraken’s Chief Security Officer (CSO), revealed on X that the exchange is facing an extortion attempt. A criminal group is threatening to publish videos showing access to the platform’s internal systems, obtained by bribing two former support employees. Kraken‘s response: “We will not pay these criminals.”
Two internal incidents, one pattern
The case involves two separate insider threat incidents — not a system hack.
First incident (February 2025)
Kraken received a tip: a video was circulating on a criminal forum showing the exchange’s internal systems with client data visible. The internal investigation identified the employee involved. Access was immediately revoked, the employee was terminated, and affected clients were notified.
Second incident (early 2026)
A second similar case was discovered. Same procedure: identification, termination, notification. Shortly after the second access was cut off, extortion demands began — the group threatened to distribute the videos to media.
Data on the dark web
In January 2026, a seller using the handle “ransomcharger” offered access to Kraken’s internal support panel on a Russian-language forum for $1. The listing included: KYC documents, transaction histories, support tickets, selfies, and official ID documents.
“We will not pay”: Kraken’s hard line
Nick Percoco was categorical in his public statement:
“Our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors.”
Key facts:
- ~2,000 accounts potentially accessed, representing 0.02% of the client base
- Read-only access to the support panel — no access to wallets or trading systems
- No client funds were at risk
- Kraken has sufficient evidence to identify and arrest those responsible
- Active collaboration with law enforcement across multiple jurisdictions
The Coinbase precedent: 69,000 clients affected
The pattern is familiar. In December 2024, Coinbase suffered a similar breach: offshore support agents were bribed to steal data from 69,461 clients — names, emails, phone numbers, KYC data, wallet balances, and transaction histories.
Coinbase also refused to pay the $20 million ransom, instead creating a $20M reward fund for information leading to arrests. The corrupted agents were paid $200 per screenshot of client data.
Comparison: Kraken limited the damage to 2,000 accounts (0.02%) versus 69,461 for Coinbase — a gap suggesting faster detection of anomalous behavior.
Insider recruitment: a systemic threat
Kraken describes insider recruitment as a growing global threat targeting the crypto, gaming, and telecommunications sectors. The principle: instead of attacking computer systems (often well-protected), criminals bribe employees with legitimate access.
This trend is confirmed by the numbers:
- FBI (April 2026): $11.4 billion in crypto fraud in 2025 (+22%)
- Chainalysis: $17 billion in total crypto fraud in 2025 (record)
- AI-boosted scams generate 4.5x more revenue per operation
- North Korean hackers infiltrate crypto companies through fake IT worker profiles
Sensitive timing: Kraken’s IPO on ice
The incident comes at a delicate time for Kraken. In March 2026, the exchange froze its IPO plans after a confidential filing with the SEC in November 2025. Target valuation: $20 billion, with a raise including $200M from Citadel Securities.
How to protect yourself as a user
Even if your funds aren’t directly threatened by this type of incident, stolen data can be used for targeted phishing:
- Be suspicious of any email, SMS, or call mentioning your Kraken (or any exchange) account
- Never click on links in emails claiming to be from your exchange
- Enable two-factor authentication (2FA) with an app (not SMS)
- Use a dedicated email for your crypto accounts
- Regularly check your account login history
📚 Glossary
- Kraken: Cryptocurrency exchange founded in 2011 in San Francisco. One of the world’s largest exchanges, valued at $20 billion.
- Insider threat: A security risk originating from an employee or contractor with legitimate system access who uses that access maliciously or is corrupted by a third party.
- KYC (Know Your Customer): Mandatory identity verification procedure on regulated platforms: ID, selfie, proof of address. This data is a prime target for cybercriminals.
- Phishing: A fraud technique using communications mimicking legitimate services to steal information. Stolen KYC data enables highly targeted and credible phishing attacks.
- 2FA (Two-Factor Authentication): A security method adding a second verification layer (temporary code via an app) beyond the password. Essential on every crypto account.
- Dark web: Part of the internet accessible only through specialized software (Tor). Stolen data is frequently sold on specialized forums there.
Frequently Asked Questions
What happened with Kraken in April 2026?
Two former Kraken support employees were bribed by a criminal group to access data from ~2,000 accounts (0.02% of the client base). The systems were never hacked and no funds were at risk. Kraken refuses to pay the extortion demand.
Are my funds on Kraken at risk?
No. According to Kraken, the ex-employees had read-only access to the support panel. They had no access to wallets, trading systems, or funds. However, if you’re a Kraken client, remain vigilant against targeted phishing.
How can I tell if my Kraken account was affected?
Kraken directly notified the ~2,000 potentially affected users. If you haven’t received a notification, your account is likely not affected. You can contact Kraken’s official support for confirmation.
How can I protect myself from data theft on a crypto exchange?
Enable two-factor authentication (2FA) via an app (not SMS). Use a dedicated email for crypto accounts. Never click links in emails. Regularly check login history. Don’t store large amounts on an exchange — use a hardware wallet.
Is Kraken still going public?
Kraken froze its IPO plans in March 2026 due to difficult market conditions, after a confidential SEC filing. The target valuation is $20 billion. The process could resume if conditions improve.
📰 Sources
This article is based on the following sources:
- Decrypt – “We Will Not Pay These Criminals”: Crypto Exchange Kraken Is Being Extorted (April 13, 2026)
- CoinDesk – Kraken targeted in extortion attempt (April 13, 2026)
- Protos – Kraken confirms extortion attempt after 2,000 clients’ data stolen (April 13, 2026)
- Crypto.news – Kraken refuses ransom after internal extortion attempt (April 14, 2026)
How to cite this article: Fibo Crypto. (2026). Kraken Refuses to Pay Extortionists: 2,000 Client Accounts Exposed by Former Employees. Retrieved April 14, 2026 from fibo-crypto.fr
The simplest way to buy, swap and manage your crypto
Join the first users and get priority access. No seed phrase, fees 3.5x lower, built-in DeFi yield.
Get early access →


