Kraken Refuses Ransom After Rogue Staff Exposed 2,000 Accounts
After two support staff abused access privileges to enable an extortion plot, Kraken Chief Security Officer Nick Percoco said the exchange will not pay criminals who threatened to leak internal footage. The incident affected 2,000 client accounts but core infrastructure remained secure.
Key Takeaway
Kraken's refusal to pay signals exchanges won't reward insider-enabled extortion, even with customer data at risk.
Two rogue Kraken support employees helped criminals access data from 2,000 client accounts before the exchange shut down the extortion plot.
Kraken received the first warning in February 2025 when a trusted source flagged a video circulating on a criminal forum. The exchange identified the compromised support team member and revoked access immediately. A second tip came weeks later with a similar video, leading Kraken to terminate another employee who had abused internal privileges.
The criminal group launched their extortion campaign shortly after Kraken cut off the second employee's access. They threatened to distribute internal footage across media outlets and social media unless the exchange paid ransom demands. Kraken Chief Security Officer Nick Percoco said Kraken refused all demands and will not negotiate with bad actors.
Kraken's core infrastructure was never breached, according to Percoco. Customer funds remain entirely secure. The rogue support agents only had the ability to view account information for a very small fraction of the user base, with the 2,000 affected accounts representing just 0.02% of Kraken's total clientele. Percoco emphasized that the criminals gained no technical access to Kraken's systems and could only leverage the limited data viewed by the two terminated employees.
This article was written based on reporting from U.Today.
