Financial advisory firm Kroll is facing a class-action lawsuit in the United States after a data breach allegedly exposed the personal information of FTX, BlockFi, and Genesis creditors, leaving them vulnerable to persistent phishing attacks.
The lawsuit, filed Tuesday in a U.S. district court by Hall Attorneys on behalf of FTX customer Jacob Repko and other creditors, accuses Kroll of negligence in handling sensitive data. Creditors claim the breach in August 2023 led to a flood of scam emails, with some victims reporting daily phishing attempts designed to steal private information.
According to the complaint, Kroll’s reliance on email-only communication for bankruptcy claim verification created a single point of failure, which attackers exploited. The filing further alleges that compromised processes caused delays and, in some cases, financial losses for affected customers.
Sunil Kavuri, a prominent FTX creditor, shared screenshots on X (formerly Twitter) showing multiple phishing emails he had received, including some with his personal details.
“We are receiving these scam emails every day,” Kavuri wrote, echoing frustrations expressed by other creditors online.
FTX Creditors now daily receive scam emails impersonating FTX, Bahamas. Just received one few hours ago
— Sunil (FTX Creditor Champion) (@sunil_trades) August 21, 2025
Full name is included
Nicholas has filed a class action for the alleged data breach at Kroll https://t.co/kILxhygv90 pic.twitter.com/GcpEn2pu1I
Nicholas Hall, attorney for the plaintiffs, said that successful litigation could result in monetary compensation for affected creditors and force operational reforms at Kroll. Hall also operates the FTX Claims website, designed to help creditors navigate the complex claims process.
Costs you nothing.
— Nicholas Hall (@nicholashall) August 21, 2025
Potential outcomes—if the Court certifies the case and later approves a settlement or enters judgment—can include two things:
• Monetary relief for eligible class members (for example, up to $750 or actual damages for California victims, but depends on…
This isn’t the first time Kroll has faced scrutiny. In March 2024, the firm reportedly suffered another security incident in which invoicing records, accounts payable data, and email addresses were accessed by malicious actors.
Meanwhile, efforts to reimburse FTX’s vast pool of creditors continue. The third round of repayments, scheduled for September 30, will distribute $1.9 billion, though foreign creditors from countries such as China and Russia may be excluded. In May, the exchange disbursed over $5 billion in its second round of payouts, while a February plan earmarked $1.2 billion for claimants with balances up to $50,000.
