Hall Attorneys, P.C. filed a putative class action in the Western District of Texas against Kroll Restructuring Administration LLC alleging that, after the August 2023 Kroll security incident, FTX, BlockFi, and Genesis customer-creditors were targeted by sophisticated phishing while Kroll continued to rely on email-only outreach for rights-affecting deadlines — with KYC verification holds, claims-portal lockouts, blocked tax-form submissions, months-long support delays, and disputed or expunged claims.
The complaint alleges this is a servicing case: after a known security incident and a sustained impersonation wave aimed at cryptocurrency creditors, Kroll continued to run rights-critical deadlines on email-only outreach, offered no mailed confirmations or manual fallback for blocked tax-form submissions, and left creditors locked out of the claims portal during the periods when deadlines were running. The complaint alleges this servicing posture — not a single cyberattack — is what produced phishing-related losses, delay-related harms, and expunged claims for FTX, BlockFi, and Genesis customer-creditors.
The complaint alleges that, after the August 2023 Kroll security incident, customer-creditor identifying and account information became available to threat actors targeting cryptocurrency creditors expecting bankruptcy distributions from FTX, BlockFi, and Genesis.
The complaint alleges that customer-creditors were targeted by sophisticated phishing attacks impersonating Kroll, the estates, and exchanges, while Kroll continued to rely on email-only outreach for rights-affecting deadlines after a known impersonation wave.
The complaint alleges Kroll's claims-verification process was compromised — KYC/AML verification holds, claims-portal lockouts, and blocked tax-form submissions left creditors unable to submit, correct, or defend their claims, sometimes for months.
The complaint alleges that, while creditors were locked out or unable to authenticate Kroll communications, claims were disputed, downward-adjusted, or expunged — with months-long support delays preventing meaningful cure before deadlines passed.
FTX, BlockFi, and Genesis customer-creditors who experienced phishing, KYC/AML verification holds, claims-portal lockouts, blocked tax-form submissions, months-long support delays, or disputed or expunged claims are encouraged to preserve records and contact Hall Attorneys.
Step 1
Save Kroll, estate, and distribution-related communications — including suspicious or spoofed messages — with full email headers and timestamps. Save claims-portal screenshots, mailed correspondence, and any postal envelopes.
Step 2
Do not click links in emails purporting to be from Kroll, FTX, BlockFi, or Genesis. Type the official URL directly in your browser, and never share confidential data via DM or social channels.
Step 3
Keep a running log of every login attempt, KYC/AML verification request, support ticket number, response time, and account or claim status change. Capture screenshots before making any account changes.
Step 4
Email nhall@hallattorneys.com with the subject line "Kroll Data Breach Intake" and a chronological summary of phishing communications, portal lockouts, KYC delays, blocked submissions, or disputed/expunged claims. Do not include passwords or recovery phrases.
We can assess the facts you have, help you preserve the right records, and evaluate whether the incident created meaningful legal exposure. If you experienced phishing, KYC verification holds, claims-portal lockouts, blocked tax-form submissions, months-long support delays, or disputed or expunged claims, a documented timeline is especially important.
Do not delete Kroll emails, screenshots, or claims-portal records. Preserve everything — including full email headers and timestamps — before changing accounts, verifying KYC, or following any unverified link or instruction.
Hall Attorneys, P.C. filed the complaint in the U.S. District Court for the Western District of Texas, Austin Division. The case is captioned John Doe 1, et al. v. Kroll Restructuring Administration LLC, No. 1:25-cv-01319 (W.D. Tex.).
FTX, BlockFi, or Genesis customer-creditors who, after the August 2023 Kroll security incident, experienced sophisticated phishing attempts, KYC/AML verification holds, claims-portal lockouts, blocked tax-form submissions, months-long support delays, or disputed or expunged claims should contact Hall Attorneys.
The complaint alleges that, after a known security incident and impersonation wave, Kroll continued to rely on email-only outreach for rights-affecting deadlines, offered no mailed confirmations or manual fallback for blocked tax-form submissions, and left creditors locked out of the claims portal during the period in which deadlines were running. The complaint alleges these practices harmed FTX, BlockFi, and Genesis customer-creditors.
Beyond damages for phishing-related harms, delay-related harms, and expunged claims, the complaint seeks practical reforms: multi-channel notice (email and First-Class Mail), mailed status-change letters with mandatory cure windows, a non-gated manual tax-form option, change-control hardening (mailed code to existing addresses before email/phone changes), deliverability safeguards, and independent audits.
No. Contacting Hall Attorneys, P.C. does not by itself create an attorney-client relationship. Please do not send highly confidential information — including passwords, recovery phrases, or private keys — unless specifically requested through a secure channel. The firm will review submissions and follow up if appropriate.
Preserve all Kroll emails and notices with full headers, screenshots of the claims portal, any mailed correspondence, records of phishing or impersonation attempts, and a written timeline of support interactions. Do not delete accounts or messages before documenting them.
Attorney Advertising
The information you provide in your email will be kept confidential and will be used only to evaluate your potential claim. Sending an email does not create an attorney-client relationship. Do not send highly confidential information unless we specifically request it through a secure channel.