Kraken’s Chief Security and Information Officer Nick Percoco disclosed on April 13, 2026, via a post on X, that the exchange is facing an active extortion threat from attackers who obtained videos showing support staff accessing internal client support systems, along with limited client data affecting approximately 2,000 accounts, roughly 0.02% of Kraken’s total user base.
Percoco stated that core systems were never breached, that customer funds remain safe, and that Kraken will not negotiate with the attackers under any circumstances. The exchange has notified all potentially affected clients directly and confirmed it is cooperating with federal law enforcement across multiple jurisdictions, with Percoco characterizing the available evidence as sufficient to support arrests.
We suspect this is less a story about a single extortion attempt and more a structural signal about the maturation of insider-threat operations targeting crypto exchanges – a threat category that combines social engineering, criminal recruitment networks, and leveraged data as a monetization mechanism, and one that exchange security architectures were not historically designed to defeat at the access-control layer.
Kraken Extortion Incident: Two Insider Access Events, One Extortion Demand, and What the Exchange Has Confirmed
The sequence behind the extortion threat is as follows: in February 2025, Kraken received a tip that a video documenting unauthorized access by a support team member was circulating on a criminal forum; the exchange launched an internal investigation, revoked the relevant access, and implemented enhanced security controls.
A second, structurally identical incident occurred in early 2026, in which another support team member was identified as having accessed internal client support systems without authorization; Kraken terminated that individual’s access and notified affected clients.
Extortion demands emerged immediately after access was cut in the second incident, with the attackers threatening to release the recorded material to media outlets and social platforms if their demands were not met.
Kraken Security Update
We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands. It’s important to start with the most important points: our systems were never…
The data obtained by the attackers is confined, according to Kraken’s disclosure, to support-level information – client support system records for the approximately 2,000 affected accounts – with no private keys, trading infrastructure, or customer funds implicated. No video footage had been released publicly as of Percoco’s April 13 statement.
Percoco described the exchange’s posture directly: “The security of our clients is our highest priority, and we remain fully committed to combating the growing global threat of insider recruitment” – a characterization that frames the incident explicitly within the context of criminal networks systematically targeting high-value sectors rather than as an isolated operational failure.
Several details remain unconfirmed in Kraken’s public disclosures: the specific identity of the attackers, the precise nature of their demands, and the full scope of the recorded material. What the exchange has confirmed is the timeline, the access scope, the notification posture, and the decision not to pay.
Insider Recruitment as a Systemic Exchange Risk: What the Kraken Pattern Reveals About Crypto’s Evolving Threat Surface
The pattern documented across both Kraken incidents – an insider recruited or coerced into recording access sessions, followed by an extortion demand leveraging that footage – is consistent with what security analysts have characterized as Crime-as-a-Service infrastructure, in which criminal networks provide recruitment pipelines, technical guidance, and monetization channels to operatives embedded inside target organizations.
Crypto exchanges, gaming firms, and telecom providers have emerged as preferred targets given their combination of high-value data, outsourced or contract support roles, and reputational sensitivity to breach disclosure.
I imagine this breaks the record for fastest time between being granted a Fed Master Account and being hit with a massive hack https://t.co/kJGjlY7DQM
The $270 million Drift Protocol exploit attributed to North Korean state-linked actors demonstrated the upper bound of damage sophisticated threat actors can inflict on crypto infrastructure; the Kraken incidents illustrate that the lower end of the attack surface – support-tier access, not core systems – carries its own leverage.
We suspect Kraken’s decision to disclose both incidents, coordinate with law enforcement across multiple jurisdictions, and publicly refuse negotiation represents a deliberate signaling strategy as much as an operational response – an attempt to establish, on the record, that extortion against the exchange carries legal rather than financial consequences.
We anticipate further disclosures will follow once the active multi-jurisdictional investigation permits, potentially including details on arrest outcomes and the specific insider-threat controls Kraken implemented after each incident. Unaffected users require no action, according to the exchange’s guidance.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
Daniel Frances is a technical writer and Web3 educator specializing in macroeconomics and DeFi mechanics. A crypto native since 2017, Daniel leverages his background in on-chain analytics to author evidence-based reports and deep-dive guides. He holds certifications from The Blockchain Council, and is dedicated to providing "information gain" that cuts through market hype to find real-world blockchain utility.
U.S. Representative Maxine Waters (D-CA), the ranking Democrat on the House Financial Services Committee, has formally demanded that the Federal Reserve Bank of Kansas City explain its legal basis for approving a Federal Reserve master account for Payward Financial, the entity doing business as Kraken Financial, marking the first time a crypto exchange has secured direct access to the Fed’s core payment infrastructure.
In a letter transmitted Thursday to Kansas City Fed President Jeff Schmid, Waters requested a written response by April 10, citing transparency deficiencies and the absence of any statutory or regulatory basis for the regional bank’s account classification. The approval, which the Kansas City Fed confirmed on March 4, 2026, was structured as a “limited purpose account” — a designation that appears in neither the Federal Reserve Act nor the Federal Reserve Board’s Account Access Guidelines.
We suspect the Waters inquiry signals something larger than a single account approval: it reflects Democratic lawmakers’ determination to assert congressional oversight over a regulatory posture that has visibly shifted toward accommodation since the change in administration. Crypto-native banks and exchange operators with pending master account applications would be mistaken to treat this as routine oversight noise.
A Federal Reserve master account grants its holder direct access to the Fed’s payment rails, principally Fedwire Funds Service for high-value real-time gross settlement and FedACH for batch retail transfers, without routing through an intermediary correspondent bank.
For a crypto exchange like Kraken, that operational shift is material: it eliminates the counterparty dependency on traditional banking intermediaries, accelerates settlement finality, and reduces the structural vulnerability that has made crypto firms targets of debanking pressure over the past several years.
Kraken Financial holds a Wyoming Special Purpose Depository Institution (SPDI) charter, operates on a full-reserve model with no lending activity, and is not covered by the Federal Deposit Insurance Corporation (FDIC).
The Kansas City Fed, which is the relevant district bank for Wyoming-chartered institutions, approved what it designated a “limited purpose account” — a category that restricts certain privileges, including interest on excess reserves, but grants access to Fedwire settlement. Kraken Co-CEO Arjun Sethi publicly described the arrangement as the “convergence of crypto infrastructure and sovereign financial rails.”
Waters’ letter to Schmid identifies the core procedural problem precisely: no provision of the Federal Reserve Act and no section of the Fed Board’s Account Access Guidelines published in 2022 references a “limited purpose account” as a distinct account tier.
She asked Schmid to clarify whether Kraken’s account includes FedACH, Fedwire, or cash services access; whether it is subject to overdraft restrictions, balance caps, or enhanced supervisory conditions; and whether the Kansas City Fed coordinated the approval with the Federal Reserve Board of Governors or other federal agencies.
Waters also noted the Kansas City Fed’s stated refusal to disclose account-holder details, citing the “confidentiality of business information provided by applicants,” a position she characterized as inconsistent with public accountability for access to sovereign financial infrastructure.
Fed Master Accounts and Crypto Banks: The Legal Battleground
The legal history here is not abstract. Custodia Bank, also a Wyoming SPDI, spent years litigating against the Federal Reserve Board of Governors and the Federal Reserve Bank of Kansas City after both denied its master account application and Federal Reserve membership.
A federal district court ultimately ruled against Custodia in 2024, finding that the Kansas City Fed retained discretion under the Federal Reserve Act — specifically under 12 U.S.C. § 342 — to deny account access to state-chartered non-member banks. That ruling, and the Fed Board’s 2022 supervisory guidance establishing a tiered review framework for novel bank applications, created a legal architecture that appeared to foreclose direct Fed access for crypto-native depositories classified in the highest-risk tier.
A historic moment for crypto.
Kraken Financial has been granted a Federal Reserve master account, making us the first digital asset bank with direct access to the U.S. payments system.
A major step toward connecting crypto infrastructure with the core rails of global finance.…
Kraken’s approval arrived through a different procedural channel. Rather than seeking full master account membership, Payward Financial obtained a circumscribed account structured as a one-year pilot, confirmed as such by Federal Reserve Vice Chair for Supervision Michelle Bowman at an American Bankers Association conference one week after approval.
Bowman described the account as a test for nonbanks occupying a “grey area” between regulated depositories and firms with no supervisory relationship, stating explicitly: “We’re trying to learn.” That framing is notable because it positions the approval not as a policy determination but as a supervised experiment, which may limit its precedential value for other applicants while simultaneously shielding it from the kind of finality challenge that doomed Custodia’s application.
The Bank Policy Institute’s Co-Head of Regulatory Affairs, Paige Pidano Paridon, articulated the institutional banking sector’s concern directly: “We are deeply concerned… This action ignores public comment… with no transparency into the process for approval or the risk mitigants.” That reaction matters because it aligns the traditional banking lobby with Waters’ transparency argument, creating a cross-ideological pressure coalition that the Kansas City Fed will find difficult to dismiss as partisan. We anticipate that the Fed Board’s pending “skinny” master account framework — intended to limit capital regime benefits for crypto firms while permitting narrow payment access — will become the focal document in any formal response to Waters’ inquiry.
Neil is a professional cryptocurrency content writer with years of experience. He has written for various cryptocurrency websites to report on breaking news, and has been hired by all sorts of cryptocurrency projects to create content that would increase their exposure and attract more potential investors.