On April 27, 2026, Hall Attorneys, P.C. filed a putative class action in the Southern District of New York against Stretto, Inc., the court-appointed claims and noticing agent in the Celsius, Voyager, and Prime Core cryptocurrency bankruptcies. The complaint alleges that the April 2024 Stretto data breach exposed Bankruptcy Code PII for over 500,000 cryptocurrency creditors and that Stretto's post-breach administration failed to protect those creditors.
The complaint alleges that Stretto, appointed under 28 U.S.C. § 156(c) to perform clerk-type functions in bankruptcy cases, accepted duties to protect Bankruptcy Code PII, preserve the integrity of official creditor communications, and administer claims and distributions without exposing creditors to reasonably foreseeable harm. The complaint alleges that on or about April 17, 2024, a threat actor accessed Stretto's CORE claims-administration environment after a Stretto employee fell victim to a smishing attack, and exfiltrated Bankruptcy Code PII for cryptocurrency creditors in three pending bankruptcies. Judge Glenn called Stretto's “radio silence” from April 17 to May 7, 2024 “mindboggling.” Stretto only began notifying certain creditors on May 7, 2024, and only notified all presiding judges in the affected bankruptcy cases after Judge Glenn ordered Stretto to do so.
The complaint alleges Stretto's CORE claims-administration environment held Bankruptcy Code PII as defined by 11 U.S.C. § 101(41A) — first initial and last name, physical address, email address, telephone number, and other identifying data — for cryptocurrency creditors in the Celsius, Voyager, and Prime Core bankruptcy cases. The Bankruptcy Court had ordered creditor addresses, email addresses, and phone numbers sealed because of the obvious risk that criminals would target crypto holders.
Claim and distribution data
The complaint alleges that exposed fields included claim amounts, schedule amounts, voting amounts, distribution-status information, and other claim-administration data. Combined with name and contact information, this data identifies a person as a cryptocurrency creditor and reveals that the creditor may be expecting a distribution.
Over 500,000 creditors affected across multiple cases
According to the complaint, the breach affected over 500,000 creditors across the Celsius, Voyager, and Prime Core cases — including approximately 104,000 Celsius creditors whose Bankruptcy Code PII was wrongfully accessed, approximately 142,200 affected Prime Core creditors, and an estimated 381,137 Voyager creditors with PII compromised similarly.
Foreseeable crypto-specific threats
The complaint alleges the exposed data was uniquely valuable to threat actors targeting crypto creditors: it identifies who is expecting cryptocurrency or cash distributions, prioritizes high-value targets, and enables impersonation of estate professionals through estate-branded phishing emails, fake distribution websites, wallet-drainer scams, postal-mail scams, suspicious phone calls, and account-takeover attempts on exchanges such as Coinbase.
What to do if you are a Celsius, Voyager, or Prime Core creditor
Cryptocurrency creditors targeted after the Stretto breach have reported phishing emails, spoofed estate and Stretto-branded communications, fraudulent postal letters, suspicious phone calls, and account-takeover attempts. Preserving records and verifying every distribution instruction through a safe channel is the most important first step.
Step 1
Preserve every email, postal letter, and screenshot
Save Stretto, estate, and distribution-related communications — including suspicious or spoofed messages — with full email headers, timestamps, and any postal envelopes. Preserve any phishing letters, smishing texts, or phone-call records.
Step 2
Verify any distribution instruction through a safe channel
Do not click links, connect wallets, or enter credentials based on email instructions alone. Confirm distribution mechanics (PayPal, Venmo, Coinbase, wire, check, Hyperwallet, etc.) through an independent and verified channel before acting.
Step 3
Harden your accounts
Change reused passwords, enable hardware-key or app-based multi-factor authentication on email and exchange accounts, and watch for SIM-swap activity, account-recovery requests, and unusual login alerts.
Step 4
Document time and out-of-pocket costs
Keep a running log of phishing attempts, account-recovery work, identity-protection or credit-monitoring purchases, time spent investigating, and any delayed or contested distributions.
How Hall Attorneys can help
We can assess the facts you have, help you preserve the right records, and evaluate whether the incident created meaningful legal exposure. If you have already received phishing communications, suspicious postal mail, fraudulent “additional total value return” offers, account-takeover attempts, or experienced delayed or disputed distributions, a documented timeline is especially important.
Do not delete emails, text messages, postal letters, account-security alerts, or distribution-related communications. Preserve everything before changing accounts or following any unverified link or instruction.
Frequently asked questions
Who filed the Stretto class action and in what court?
Hall Attorneys, P.C. filed the complaint on April 27, 2026 in the U.S. District Court for the Southern District of New York. The case is captioned John Doe 1 v. Stretto, Inc., No. 1:26-cv-03477. A jury trial is demanded.
What is the April 2024 Stretto data breach?
The complaint alleges that on or about April 17, 2024, Stretto discovered suspicious activity in a Stretto employee account. The threat actor accessed Stretto's CORE claims-administration environment and exfiltrated data held by Stretto in connection with bankruptcy matters, including the Celsius, Voyager, and Prime Core cryptocurrency bankruptcies. Stretto reported that the impacted employee had fallen victim to a 'smishing' attack.
Why is the breach particularly dangerous for cryptocurrency creditors?
The complaint alleges that for cryptocurrency creditors, the combination of name, email address, phone number, physical address, claim amount, distribution-agent assignment, account status, and bankruptcy-claim context is uniquely dangerous. It lets criminals identify who owns or is expecting cryptocurrency or cash distributions, prioritize high-value targets, impersonate estate professionals, craft domain- and brand-specific lures, attempt exchange-account takeovers, and contact victims through email, phone, text, and physical mail.
What does the complaint allege about Stretto's post-breach response?
The complaint alleges Stretto failed to promptly notify affected creditors and presiding judges, allowed contaminated email channels to be used for rights-critical and distribution-critical communications, omitted reliable postal backstops, paused Celsius distributions for approximately one month, invalidated and reissued unclaimed PayPal and Venmo claim codes, and provided ineffective support to affected creditors.
Who may be in the proposed class?
The complaint is brought on behalf of the Plaintiff and all others similarly situated whose Bankruptcy Code PII was accessed or exfiltrated in the April 2024 Stretto Data Breach in connection with the Celsius, Voyager, and Prime Core bankruptcy cases, and who experienced post-breach distribution and communication failures.
What relief is sought?
The complaint seeks damages for Stretto's Data Breach and post-breach administration failures, and narrow injunctive relief that restores safe distribution communications at Stretto's expense so that estate distributions to creditors are not reduced.
Attorney Advertising
The information you provide in your email will be kept confidential and will be used only to evaluate your potential claim. Sending an email does not create an attorney-client relationship. Do not send highly confidential information unless we specifically request it through a secure channel.
