Kraken's Excellent Extortion Refusal Adventure: We Won't Pay, You Won't Win, Here's 2,000 Apology Emails

Crypto exchange Kraken is currently starring in its own real-life crypto thriller, complete with insider villains, shadowy extortionists, and a plot twist involving 2,000 apology emails—because nothing says “we’ve got this under control” like mass inbox flooding with slightly awkward “oops, someone peeked” notes. The Wyoming-based firm confirmed it thwarted an extortion attempt by a criminal group threatening to leak videos showing unauthorized access to internal systems. Spoiler: it wasn’t a breach, just a couple of bad apples in the support team who apparently thought “client privacy” was more of a guideline than a rule.

"Our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors," declared Nick Percoco, Kraken’s chief security and information officer, in a post on X that radiated more confidence than a degen after a 10x moonshot. His tone? Equal parts cyber-cop and crypto-dad: disappointed but unshaken.

The first episode of this support-team soap opera aired in February 2025, when Kraken caught wind of a video doing the rounds on a sketchy criminal forum—the kind of place where hackers go to flex and flex only. An internal probe swiftly ID’d the culprit, revoked their digital keys, and triggered a security system upgrade. Affected clients got the awkward phone call no one wants: “Hey, turns out someone on our team took a peek at your account. Not cool. Also, no funds were touched. Sorry!”

Cut to the present: déjà vu with a second video and another tip. Kraken played the same playbook—identify, terminate, notify—and executed it like a well-oiled DeFi contract. The repeat performance suggests the scriptwriters (i.e., criminals) aren’t very original, but at least Kraken’s incident response team is getting reps in.

Security incidents in crypto are about as rare as influencer pump calls in a bear market. The industry’s toxic cocktail of high-value assets, borderless transactions, and human fallibility makes it a magnet for bad actors. Once digital loot disappears into the void of a non-custodial wallet, it’s gone—like your ex’s last text, but with more SHA-256.

Across both incidents, roughly 2,000 client accounts were potentially viewed. That’s 0.02% of Kraken’s millions-strong user base—a rounding error in spreadsheet terms, but still enough to trigger compliance bots and customer support panic. As one insider put it: “It’s a tiny fraction, but we’re not exactly bragging about it at the next company picnic.”

Shortly after cutting off the latest access, Kraken got the extortionist’s bill: pay up or we leak the footage to every journalist, degen Discord, and crypto gossip channel from here to Blockworks. Kraken’s response? A firm “nah.” No ransom, no negotiation, just a middle finger wrapped in a press release. The criminals may have the video, but they don’t have the bag.

The exchange also revealed it’s teaming up with law enforcement and other firms to track what appears to be a broader campaign of insider recruitment—think corporate espionage, but with more Telegram groups and fewer trench coats. Kraken believes it has enough evidence to help put the masterminds behind bars, or at least behind a heavily monitored IP address.

"The security of our clients is our highest priority, and we remain fully committed to combating the growing global threat of insider recruitment and constantly enhancing our security practices to combat new threats," said Percoco, whose job title should probably just be “Crypto Firefighter