November 21, 2024
Security News

Crypto Investor Sues Apple Over Malicious App That Stole Cryptocurrencies

A crypto investor has filed a class-action lawsuit against Apple Inc. after she downloaded a malicious application from the company’s App Store that led to the theft of her cryptocurrencies.

Apple Sued Over Theft of Cryptocurrency Due to Malicious App

Hadona Diep, a resident of the U.S. state of Maryland and a full-time cyber-security IT professional, has filed a class-action lawsuit against Apple Inc. She alleges that the company authorized and maintained “a malicious application” in its App Store despite knowledge of the criminal activity. In addition, the company failed to notify her and the class members that their financial information had been compromised. The lawsuit explains that “Because Plaintiff knew, or at least thought she knew, that Apple thoroughly vets applications before it allowed them on the App Store, Plaintiff downloaded the application known as Toast Plus from the Apple App Store on or about March of 2020 onto her iPhone.” The plaintiff believed that “Toast Plus was a version of Toast Wallet, a well-known cryptocurrency wallet, as the names were similar and the logo used for the application in the App Store was the same or nearly identical.” In January 2018, the plaintiff transferred about 474 XRP from crypto exchange Bittrex to a secure crypto wallet called Rippex. However, Rippex shut down a month later so the plaintiff accessed her coins through the secured wallet and “linked her private XRP key, or a seed phrase, into Toast Plus in March of 2021.” The court document notes:

As Plaintiff intended to hold the XRP as an investment and not to actively trade it, she did not check the Toast Wallet Plus application after entering her seed phrase into it. In August of 2021, Plaintiff checked her account on Toast Plus, and discovered that not only did she have no XRP in the wallet, her account was ‘deleted’ on March 3, 2021.

Diep began investigating the matter and discovered that “Toast Plus was not in fact a version of the legitimate Toast Wallet application, but was instead a ‘spoofing’ or ‘phishing’ program created for the sole purpose of stealing cryptocurrency, by obtaining consumers’ cryptocurrency account information and thereafter routing the same to the hackers’ personal accounts.” The plaintiff claims that Apple violated a number of laws, including the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, Maryland Personal Information Protection and Consumer Protection Acts, and each state’s Personal Information Protection and Consumer Protection Acts. The plaintiff seeks for the “Award [of] statutory, actual, or compensatory damages” to her and the class “to the maximum extent permitted by law.” She also seeks “reasonable compensation for serving as a class representative” and “pre- and post- judgment interest at the legal rate,” as well as any “further relief as the court deems just and proper.” What do you think about this lawsuit? Let us know in the comments section below.