Apple Allowed for Distribution of Crypto-Wallet ‘Phishing’ App Through App Store, Class Action Claims
by Erin Shaak
Diep v. Apple, Inc.
Filed: September 16, 2021 ◆§ 8:21-cv-02359
A class action claims Apple has allowed certain consumers’ financial information and assets to be compromised through a “phishing” app available on the App Store.
Maryland
A proposed class action claims Apple, Inc. has allowed certain consumers’ financial information and assets to be compromised through what’s alleged to be a crypto wallet-looking “phishing” app available through the tech heavyweight’s App Store.
According to the case, Apple has authorized and maintained the “malicious application,” Toast Plus, which the plaintiff says she believed was associated with the “well-known” cryptocurrency wallet Toast Wallet, “despite knowledge of criminal activity,” and failed to notify those whose information and financial assets were supposedly stolen.
The plaintiff, a Maryland resident who works full time as a cybersecurity IT professional, claims to have had her cryptocurrency stolen after downloading the Toast Plus app, which she believed had been thoroughly vetted by Apple before it was made available for download. Per the case, Apple has violated state and federal consumer protection laws by allowing the Toast Plus app to be distributed through the App Store and intercept consumers’ financial assets and information.
The lawsuit relays that Apple maintains strict control over which applications are made available through its App Store by subjecting them to a “rigorous vetting process that involves provision of the proposed application’s purpose and a copy of the application itself and any relevant source code, users’ guides, and software documentation.”
In reliance on this vetting process, the plaintiff in March 2020 downloaded the Toast Plus app on her iPhone under the belief that it was associated with the well-known cryptocurrency holder Toast Wallet, the suit relays. According to the case, the Toast Plus app, aside from using a similar name, displayed a logo that was “the same or nearly identical” to the Toast Wallet logo.
Per the suit, the plaintiff linked her private XRP key, or a seed phrase, into Toast Plus and thereby provided the app with access to her roughly 474 Ripple (XRP) cryptocurrency coins, which she intended to hold as an investment. When the plaintiff checked her Toast Plus account in August 2021, she discovered that she had no XRP in her wallet, and that her account had been “deleted” on March 3, the lawsuit relays.
Upon further investigation, the plaintiff found that the Toast Plus app was not a legitimate version of the Toast Wallet but a “spoofing” or “phishing” program designed to trick consumers into providing access to their cryptocurrency and then routing the assets into the hackers’ personal accounts, according to the complaint.
The lawsuit alleges Apple either knew of the purpose of the Toast Plus app prior to distribution or learned of its purpose before the plaintiff downloaded the app. By allowing the app to be distributed through the App Store, the defendant has violated the Computer Fraud and Abuse Act, Electronic Communications Privacy Act and various state laws, the case contests.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.