A Kraken Chief has confirmed the crypto exchange has been the subject of extortion as crypto’s security measures continue to raise questions.
Cryptocurrency exchange Kraken admitted it has been threatened with extortion by a criminal organisation which claims it has access to customer data.
On April 13, Kraken Chief Security Officer, Nick Percoco, said the crypto exchange was the subject of extortion claims, threatening to release videos of access to its internal systems.
Percoco assured Kraken customers in a post via X, stating: “Our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors.”
He also confirmed Kraken has already identified and shut down two previous attempts of accessing client support data in the past, with the first case happening in February 2025.
This saw a video circulating on a criminal website of Kraken customer data. The company was tipped off from a trusted source and then identified the individual who was a member of the support team.
Kraken revoked the individual’s access and additional security controls were implemented. A limited number of customers were affected.
The most recent case came after another tip alongside a new video displaying similar access to Kraken’s internal systems. Percoco revealed the company underwent the same investigation process, revoking access to those involved.
Kraken confirmed in the two cases involved, approximately 2,000 customers, which represents 0.02% of total customers, were affected by the data leaks.
Despite this, Kraken has confirmed it has now received extortion demands, threatening to leak customer data and internal system information in connection to both data leak cases. Percoco revealed the criminals are threatening to release the information on social media and media outlets if they do not comply.
He affirmed that Kraken “will not pay these criminals” and the company is confident it has enough evidence to identify and arrest those in connection to the extortion demands.
“We are actively working with federal law enforcement across multiple jurisdictions to pursue all individuals involved and bring them to justice,” said Percoco.
“Due to the ongoing investigation, we cannot share additional details at this time. However, anyone with relevant information is encouraged to contact us directly.
“The security of our clients is our highest priority, and we remain fully committed to combating the growing global threat of insider recruitment and constantly enhancing our security practices to combat new threats.”
Cause for concern for the US Federal Reserve?
Kraken’s recent security vulnerability could cause concern for the US Federal Reserve, which granted the crypto exchange a Fed Master Account earlier this year – the first crypto firm to be granted such access.
The account enables Kraken to access the central bank’s real-time payment rails, such as FedNow, as well as removing the need to settle transactions with third-party entities, accelerating payments for its US customers.
Kraken was granted a limited-purpose account to operate as a financial institution from the Kansas City Federal Reserve Bank, as well as establishing Kraken Financial in Wyoming to act as a regulated bank.
However, US government officials, such as Maxine Waters, Representative of the House Financial Services Committee, have questioned Kraken’s recent Fed Master Account and regulatory license approvals.

On 26 March, Waters sent a letter to Federal Reserve Bank of Kansas City President and CEO Jeff Schmid, requesting information regarding the Kansas City Fed’s recent decision to approve the limited purpose account.
“The Kansas City Fed’s announcement does not disclose specific information about Kraken’s access to the range of Federal Reserve financial services ‘due to the confidentiality of business information provided by applicants,” said Waters.
“However, the announcement raises questions about the approval because neither statute nor the Federal Reserve Board’s Account Access Guidelines refer to a ‘limited purpose account’ type.”
Previous crypto exchange extortion cases
There have been several cases of crypto exchanges being the target of extortion attempts in the past, as criminal organisations have claimed to have obtained private customer information.
One of the most recent cases happened to Coinbase. In 2025, the crypto exchange was the subject of bribery as criminals claimed to have stolen up to 69,000 accounts worth of customer information, demanding a $20m ransom. In response, Coinbase offered a $20m bounty for information of the criminals who were subsequently arrested.
In 2019, a hacker who went under the alias ‘The Guardian’ attempted to extort Binance by claiming it had access to customer information with photo evidence. The hacker demanded 300 Bitcoin but Binance refused to pay. Despite customer information being leaked in a Telegram group, it was eventually shut down and the hacker stopped his extortion attempts.
Arguably one of the more successful crypto extortion attempts happened in South Korea in 2017. Bithumb, the country’s largest crypto exchange, was hit with claims hackers had obtained information from over 30,000 Bithumb users.
Bithumb refused to comply and pay the hackers’ multi-million dollar ransom, to which the hackers responded by leaking the customer information. The hackers were later revealed to be the North Korea-based hacking organisation The Lazarus Group, which have conducted several crypto hacks in recent years, including a record $1.5bn hack of Bybit last year.
Nobody from the Lazarus Group was arrested in connection to the extortion and Bithumb ultimately had to pay fines of up to $55,000 to the Korea Communications Commission. The crypto exchange was also hit with more than 3,000 lawsuits from customers affected.