The company confirmed that its systems were not breached and that user funds remained secure. Kraken is working with law enforcement to investigate the case. Similar incidents have occurred across the industry, including a 2025 breach at Coinbase.
Kraken Foils Extortion Attempt
Kraken took a very firm stance against cybercriminals after its chief security officer, Nick Percoco, revealed that the company refused to engage with an extortion attempt targeting its internal systems and client data.
In a statement that was shared on X, Percoco explained that an unnamed group had demanded payment and threatened to release videos allegedly showing Kraken’s internal systems with visible client information. Despite the severity of the threat, he said that the exchange’s systems were never breached and that user funds remained secure throughout the incident.
Percoco made it clear that Kraken would not yield to pressure from bad actors, and stated that the company would not negotiate or comply with any ransom demands. While no direct breach occurred, Percoco acknowledged that there had been two separate incidents involving inappropriate access to client data, one in February of 2025 and another more recently, which impacted approximately 2,000 user accounts.
He added that Kraken is actively working with federal law enforcement agencies to investigate the group responsible, with the possibility of arrests as the case develops.
Kraken’s experience is not isolated. Coinbase faced a similar situation in May of 2025, when attackers attempted to extort $20 million by threatening to release user data obtained through bribed customer support contractors. That breach affected around 70,000 users.
Recent data further sheds some light on the scale of the issue. According to blockchain intelligence firm Nominis, crypto-related incidents resulted in losses exceeding $178 million in March of 2026, which was a sharp increase from $49.3 million recorded in February. A big portion of these losses stemmed from authorization abuse, where users were tricked into approving malicious transactions that granted attackers direct access to their funds.
Together, these developments prove that the threat landscape in the crypto industry is shifting, and protecting user data is just as critical as safeguarding digital assets.
