Crypto exchange Kraken had just admitted that they are being extorted by a criminal group threatening to release sensitive customer data if the exchange refuses to comply with their demands.

Kraken’s Chief Security Officer Nick Percoco went public with the standoff, revealing that attackers are threatening to release videos showing internal systems and customer data unless their demands are met.

But Kraken is unwilling to yield and is now working with law enforcers to investigate the criminal group.

“We will not pay these criminals; we will not ever negotiate with bad actors.”

This incident is a deja vu of a 2025 incident, where the firm received a tip that a video was taken of an employee keying in sensitive customer information on the internal system.

In both cases, Kraken acted quickly to identify the threat and cut off access. The company says it has already shut down one extortion attempt connected to this activity.

While no customer funds were compromised, roughly 2,000 users may have had their data viewed. Kraken says all affected individuals have already been notified.

Behind the scenes, the company is now working closely with law enforcement across multiple jurisdictions, with Percoco stating there is “sufficient evidence” to identify and arrest those responsible.

Insider threats rise as crypto security risks evolve

The incident underscores a growing trend in crypto security: attacks are increasingly targeting people, not just protocols.

Kraken noted ongoing efforts to combat insider recruitment schemes affecting not only crypto firms, but also gaming and telecom companies—suggesting a broader cybercrime playbook aimed at exploiting human vulnerabilities.

At the same time, physical “wrench attacks”—where victims are coerced or attacked to hand over crypto access—are on the rise. According to CertiK, such incidents surged more than 75% year-over-year, with over $40 million in losses reported in 2025 alone.

The extortion threat also comes at a sensitive moment for Kraken’s business trajectory.

The exchange had confidentially filed for an IPO in late 2025 but has since delayed those plans amid challenging market conditions. The latest security incident adds another layer of scrutiny as the company navigates both regulatory and operational pressures.

The situation mirrors past industry incidents, including a 2024 data breach at Coinbase, where attackers bribed customer support staff to access sensitive user information.

A defining moment for crypto’s response to cybercrime

Kraken’s refusal to negotiate marks a notable stance in an industry often forced into difficult decisions when facing extortion.

Instead of paying to contain the damage, the exchange is betting on law enforcement, transparency, and prosecution to deter future attacks.

As crypto threats evolve—from smart contract exploits to insider leaks and real-world coercion—this case highlights a shifting battleground: one where security is no longer just about code, but about controlling access, trust, and human risk.

For Kraken, the message is clear: no deals with attackers—only accountability.