Kroll Faces Class Action Lawsuit Over Massive FTX Data Breach - Here’s What Went Wrong
Another day, another crypto custody catastrophe. Kroll—the bankruptcy claims agent handling FTX's monumental collapse—just got slapped with a class action lawsuit. Why? For allegedly failing to protect sensitive customer data during one of the most scrutinized bankruptcies in digital asset history.
Security shortcomings exposed
The breach reportedly exposed personally identifiable information of FTX creditors—names, addresses, claim amounts—the very data that should've been locked down tighter than a Bitcoin maximalist's cold wallet. Instead, it became free real estate for threat actors.
Regulatory reckoning looms
This isn't just about damaged reputations. The lawsuit could set precedent for how third-party vendors handle sensitive data during crypto bankruptcies—a growing concern as the industry's graveyard gets more crowded. Kroll's security protocols are now under microscope scrutiny.
When the bankruptcy handlers need protection from themselves, you've reached peak crypto irony—almost impressive how traditional finance keeps finding new ways to monetize failure.
Kroll issues notice for data breach
Kroll confirmed the breach in a notice to creditors, insisting that no FTX passwords or digital assets were compromised.
“The attacker might use this information in a further scam, for example, by sending phishing emails to trick you into providing sensitive personal information,” Kroll said at the time.
The firm added that other accounts and systems were not impacted and that FTX assets were unaffected.
However, Hall attorneys claim the breach has exposed creditors to scam emails and direct financial losses. Repko, the lead plaintiff, told the court that he lost 1.9 ETH in July 2025 after a phishing attack diverted funds he was attempting to transfer into his digital wallet.
The complaint also mentioned there were operational problems with the FTX Customer Claims Portal. According to Repko, his Know Your Customer (KYC) status repeatedly toggled between “Verified” and “On Hold/Unverified,” preventing him from uploading the necessary tax forms required for distributions.
Per the plaintiff, even after making multiple attempts and writing dozens of support emails, he was unable to resolve the issue.
“Because the FTX Portal gates tax-form upload behind ‘KYC Verified,’ Plaintiff cannot complete the final prerequisites; under the confirmed plan and trust communications, claims may be expunged or distributions forfeited if tax forms are not timely uploaded,” the filing read.
Daily phishing complaints from creditors
According to a Thursday X post made by FTX creditor and activist Sunil Kavuri, creditors have been receiving scam emails nearly every day. Kavuri shared one message he received with his name embedded in the message, alongside several phishing attempts between August 14 and as recent as last Sunday.
FTX Creditors now daily receive scam emails impersonating FTX, Bahamas. Just received one few hours ago
Full name is included
Nicholas has filed a class action for the alleged data breach at Kroll https://t.co/kILxhygv90 pic.twitter.com/GcpEn2pu1I
— Sunil (FTX Creditor Champion) (@sunil_trades) August 21, 2025
Other users joined Kavuri with incidents of their own phishing attempt experiences, with one responding that they had also received similar fraudulent messages.
The class action demands Kroll to make systemic changes in how it handles creditor’s information, such as including multi-channel notices through both email and physical mail, mailed status-change letters with mandatory cure windows, and the option for creditors to upload tax forms manually without KYC gating.
“This is a servicing case, after a known security incident and impersonation wave, you can’t run deadlines on email-only and offer no mailed confirmations or manual fallback,” wrote Nicholas Hall, lead counsel for the plaintiffs, in a press statement.
Hall also said that eligible participants could receive monetary compensation depending on the court’s ruling, and the case could force operational changes at Kroll. His firm, Hall Attorneys, also operates the beleaguered exchange’s claims website and provides assistance to creditors managing their claims.
Get $50 free to trade crypto when you sign up to Bybit now
