Kraken Follows Coinbase Playbook After Extortion Attempt – ‘We Will Not Pay Criminals’

• Kraken said around 2,000 accounts were affected, representing just 0.02% of its user base. 
• Kraken’s chief security officer, Nick Percoco, said the company is working with law enforcement and believes it has sufficient evidence to take legal action against those involved.
• Coinbase took a similar stance in both 2022 and 2025, refusing to pay ransom demands tied to alleged or confirmed data access incidents.

Kraken (KRAKEN) chief security officer Nick Percoco said that a criminal group attempted to “extort” the cryptocurrency exchange, but the company will not pay up, echoing Coinbase’s (COIN) strategy from the 2022 exploit. 

In a post on X, Percoco said Kraken identified and shut down two instances of inappropriate access since February. After terminating access, the criminals issued “extortion demands” and threatened to distribute materials from both incidents to media outlets and on social media if Kraken doesn’t pay up. 

“We will not pay these criminals,” he wrote, adding that only information around 2,000 accounts had been exposed, which represents only 0.02% of its user base. Retail sentiment on Stocktwits around Kraken, which is not publicly listed yet, trended in ‘extremely bullish’ territory in morning trade.

Coinbase’s ‘No-Pay’ Playbook Guides Kraken Response

In 2022, when malicious actors demanded $450,000 from Coinbase claiming to hold data on 306 million users, the company’s security chief also dismissed it as a “baseless extortion attempt.” At the time, Coinbase’s security team contacted the extortionist and later confirmed claims of a breach were unfounded. 

That approach helped establish a precedent within the industry. By publicly exposing the bluff rather than paying quietly, Coinbase signaled that reputational damage from silence outweighs the risk of criminal threats. Kraken has taken a similar stance against the group demanding payment for internal system videos, asserting it has “sufficient evidence” for arrests rather than negotiating.

The strategy was tested again in May 2025, when Coinbase faced a more serious incident involving insiders who were allegedly bribed to access customer data. The attackers demanded a $20 million ransom. Coinbase declined to pay and instead offered a bounty of the same amount for information leading to arrests, while estimating potential remediation costs as high as $400 million.

COIN’s stock gained over 6.6% at market open on Tuesday amid a rally in the cryptocurrency market. Retail sentiment around the company on Stocktwits rose to ‘bullish’ from ‘neutral’ territory, accompanied by chatter at ‘normal’ levels. 

Crypto Firms Face Growing Insider Risk In Security Breaches

Kraken’s situation appears to fall between those two Coinbase cases. Unlike the earlier incident, where claims were disputed, the attackers in this case appear to have obtained internal materials. At the same time, the breach does not appear to match the scale or sensitivity of the 2025 insider-driven attack at Coinbase.

Recent attacks, including the $1.5 billion Bybit breach last year and the $280 million Drift Protocol exploit earlier this month, are examples of how insider access and social engineering are becoming more prominent risks for crypto platforms.

Kraken said it remains focused on strengthening internal controls and monitoring systems to address evolving threats. “The security of our clients is our highest priority,” Percoco said, adding that the company is committed to enhancing defenses against insider recruitment and similar attack vectors.

Read also: Ethereum Outperforms Bitcoin As US-Iran Peace Deal Hopes Spark Over $400 Million Crypto Short Squeeze

For updates and corrections, email newsroom[at]stocktwits[dot]com.