A Kraken phishing group is demanding access to some customer account information after two incidents involving customer service representatives.
Kraken Extortion Plot: Insider Fun
Yesterday, in a post on the social network
Kraken security update
We are currently being extorted by a criminal group that is threatening to release videos from our internal systems containing customer data if we do not comply with their demands. It’s significant to start with the most significant points: our systems have never been…
— Nick Percoco (@c7five) April 13, 2026
Now, according to Bloomberg, the incident is not a classic external intrusion, but rather an insider access issue. A small set of customer data, such as names and physical addresses, may have been exposed after support staff took photos and videos of internal screens during two separate incidents: one in 2025 and the other earlier this year.
According to reports, the company has warned potentially affected customers to be especially careful when coming into contact with them. Bloomberg’s source is “a person familiar with the matter who declined to be named because the details have not been made public.”
This affected approximately 2,000 accounts and approximately 0.02% of users. Exposure is limited to basic support data such as names and addresses. Kraken emphasizes that there has been no system hack and customer funds and trading infrastructure remain protected.
Kraken openly rejected the extortion attempt, stating that it “will not pay these criminals” and “will never negotiate with bad actors.” Percoco’s post shows that Kraken is cooperating with federal law enforcement agencies in multiple jurisdictions and that the CEX has collected sufficient evidence to help identify those responsible.
Long list of CEX customer service vulnerabilities
While this may sound rather specific, this is not the first time that a large CEX has faced an issue of access to confidential information that exposes customer data through the exchange’s customer service. This isn’t even Kraken’s first rodeo with this type of problem.
In January, Dark Web Informer reported that on a Dark Web forum, a read-only version of Kraken’s internal customer support system was being sold for a negotiable $1.
🚨🦑 Access to the Kraken cryptocurrency exchange panel sold on a murky web forum – read-only account with user profiles and transaction history.
Access details:
▪️ View only – user profiles and transaction history
▪️ Generate support tickets for phishing purposes or to extract more data
▪️ No… pic.twitter.com/7LsxRNMkYa
— Dark Web Informer (@DarkWebInformer) January 1, 2026
Also in mid-2025, Kraken and Binance experienced the same social engineering pressure that previously led to the successful customer data breach at Coinbase, where attackers focused on support staff. The attackers allegedly contacted customer service representatives at the exchanges and offered bribes in exchange for access to user information. Our sister website Bitcoinist covered this story.
In February this year, a cryptocurrency trader claimed that a former Revolut employee tried to blackmail him by threatening to reveal his personal information if he did not pay up. Revolut claimed the allegation had been referred to law enforcement.
Market implications
This incident reinforces a key market theme: In a post-ETF cycle of higher regulation, “counterparty risk” on centralized exchanges is shifting from pure asset custody towards data security and insider controls.
While no immediate outflows or price shocks are evident, repeated data release headlines could push more flows toward exchanges with greater transparency, supply chain platforms or self-custody solutions.
At the time of writing, BTC trades in the high $71Ks on the daily chart. Source: BTCUSD on Tradingview.
Cover photo from Perplexity. BTCUSD chart from Tradingview.
