At 12:40 in the morning, Kimberly Bottoms’s phone buzzed with a Cash App spam text she never asked for, from a sender she didn’t recognize.

Cash App’s “Invite Friends” program did not just let users send referral texts. Cash App wrote the message, assembled the contact list, generated the referral link, and put the send button one tap away. The user became a vessel. The corporation pulled the strings.

Under Washington State law, every single one of those texts is an illegal act. And Cash App sent them by the thousands, from September 2019 onward, while pocketing $10.6 billion (roughly the GDP of a small country) in a single year.

This is a class action filed by plaintiff Kimberly Bottoms on behalf of every Washington resident who got one of these texts. The law firm Terrell Marshall Law Group PLLC filed the complaint on November 13, 2023.

How the Machine Actually Worked

The mechanics of this scheme are worth understanding in full, because Cash App’s legal defense rests on the claim that a human user hit “send.” Here is what really happened. A Cash App user opened the app, tapped “Invite Friends,” and the app pulled their entire phone contact list automatically.

The user clicked a “Get $5” button next to any contact’s name. Cash App’s app then composed the message text, inserted the user’s unique referral code, generated a direct sign-up hyperlink, and pre-populated the message window. The human’s only remaining action was pressing send.

The complaint describes Cash App’s role as providing “substantial assistance or support which enables any person to formulate, compose, send, originate, initiate, or transmit a commercial electronic text message.” That is the exact legal definition of “assisting” under Washington’s CEMA statute. Cash App built the gun, loaded it, aimed it, and handed it to someone else.

The $5 Trap

Cash App offered both the referring user and the contacted person a $5 bonus. But the $5 evaporated within 14 days if the new user didn’t complete a “qualifying payment.” The new user also had to link a debit card. Once that card was linked, Cash App could charge a 0.5% to 1.75% fee on every instant transfer, $2.50 on every ATM withdrawal, and 3% on every credit card transaction.

The $5 referral bonus was a recruitment fee. The new user’s future transaction fees were the return on investment. Cash App paid $5 to acquire a customer who would then pay the company back indefinitely.

The Non-Financial Ledger

The costs that never appear on a balance sheet.

On Wednesday, March 22, 2023, at 12:40 in the morning, Kimberly Bottoms’s phone lit up. The text read: “Hey! I’ve been using Cash App to send money and spend using the Cash Card. Try it using my code and you’ll get $5. FVRJ1PH.” Bottoms had never asked to receive this message. She did not know the sender. She had no idea why a stranger — or possibly a contact she’d long forgotten — was texting her in the middle of the night to pitch a financial app.

That confusion is a feature of Cash App’s system, not a bug. Because Cash App’s referral link contained a unique user code, the corporation knew exactly who sent the text. The recipient did not. The power imbalance was total: Cash App had full visibility; the person on the receiving end had none. Bottoms later stated that she received multiple Cash App spam texts and for at least one of them, she did not know who the sender was at all.

Bottoms deleted the messages to conserve space on her phone. That is a sentence that deserves a full stop and a moment of silence. A person should not have to manage her phone’s storage capacity because a billion-dollar corporation decided her number was fair game for unsolicited marketing at 12:40 AM. The complaint describes the experience plainly: “Plaintiff’s privacy was invaded by the text messages she received promoting Defendant’s products and services.” She “did not understand why she was receiving annoying and harassing spam texts, which are a nuisance.”

Bottoms is one named plaintiff representing a class of over 1,000 Washington residents. Each of those people had the same experience: a buzz, a message they didn’t ask for, a pitch for a service they may or may not have wanted, and zero recourse unless they hired a lawyer. The lawsuit exists precisely because most people don’t hire lawyers over a spam text. Cash App counted on that. The economics of the scheme depended on individuals absorbing the cost of unwanted interruption while the corporation booked the revenue from the new accounts those texts generated.

The Washington legislature passed the Commercial Electronic Mail Act specifically because lawmakers understood that unsolicited commercial texts are a form of invasion. They are not merely annoying. They commandeer your attention, your device, your storage, and your time without consent. The legislature’s 2003 amendment extending CEMA to text messages recognized that cell phones are deeply personal in a way that email is not. Your phone sits on your nightstand. It goes to your doctor’s appointments, your family dinners, your 3 AM bathroom trips. Cash App reached into that space uninvited, thousands of times, across years.

The class period stretches back to September 8, 2019. That means this scheme ran for over four years before a lawsuit stopped it. Over those four years, every single Washington resident who received one of these texts experienced the same violation: their personal device was used as a marketing delivery mechanism without their knowledge or consent. The law says each of those incidents is worth $500 to the person harmed. The treble damages provision under the Consumer Protection Act raises that to $1,500. Cash App made the calculation that the program was worth running anyway.

Legal Receipts: What the Documents Actually Say

Direct quotes from the class action complaint. Verbatim. Unedited.

“Refer-a-friend marketing, such as Cash App’s ‘Invite Friends’ program, is a way for companies to mass market their services via text message without directly spamming consumers — instead they pay and enable their users to spam consumers for them.” — Class Action Complaint, Paragraph 3

“Defendant does not obtain recipients’ clear and affirmative consent in advance to receive the referral text messages and consciously avoids knowing whether its users send the commercial marketing text messages without obtaining recipients’ clear and affirmative consent in advance to receive the referral text messages.” — Class Action Complaint, Paragraph 33

“Defendant does not inform its users that they should obtain those recipients’ clear and affirmative consent in advance to receive the referral text messages. Nor does Defendant employ any controls from within the app to ensure that its users obtain recipient’s clear and affirmative consent in advance to receive the referral text messages before enabling them to send the commercial marketing text messages.” — Class Action Complaint, Paragraph 35

“Without an influx of new users generated through its ‘Invite Friends’ program, Cash App’s revenue would be adversely impacted. As stated by Cash App in its filings with the Securities and Exchange Commission, ‘[f]uture revenue growth depends on our ability to retain existing sellers and customers, attract new sellers and customers, and increase sales to both new and existing sellers and customers.'” — Class Action Complaint, Paragraph 22 (citing Cash App’s SEC filing)

“Defendant substantially assists and supports its users in sending illegal text messages by, inter alia: a) encouraging and incentivizing its users to send referral messages by compensating them with money; b) technologically enabling its users to initiate referral text messages through the Cash App Mobile App; c) composing the text messages; d) composing and providing unique user-specific referral links that a text recipient can use to sign up for Defendant’s services; and e) formulating text to be sent as part of the ‘Invite friends’ text messages.” — Class Action Complaint, Paragraph 32

Societal Impact: Who Actually Pays for This

Economic Inequality: The $5 Recruitment Hustle

Cash App markets itself heavily to unbanked and underbanked communities — people who cannot afford traditional bank account fees and use Cash App as a substitute. The “Invite Friends” program specifically targets those same communities by offering a $5 bonus, a sum that carries real weight for someone living paycheck to paycheck. Cash App weaponized the financial precarity of its existing users to recruit new ones.

The $5 bonus that referred contacts received expired within 14 days and required linking a debit card and sending a qualifying payment. Once that debit card was linked, Cash App had a pipeline to charge fees on every instant transfer, every ATM withdrawal, every paper money deposit. The $5 was a doorway. The fees on the other side were the business model.

The class action complaint notes that Cash App earned $10.6 billion ($10.6 billion — more than the entire annual budget of many U.S. cities combined) in revenue in 2022. The statutory damages at stake in this case — $500 per text, tripling to $1,500 — represent a rounding error in Cash App’s annual earnings. The company made a rational economic decision: run the spam program, collect the new users, and pay out settlements when they come. For a corporation at this scale, consumer protection violations are a line item.

The lawsuit’s complaint on “superiority” of class action treatment is worth reading as economic commentary. It states that “most Class members likely would find the cost of litigating their claims prohibitive.” Translation: the company structured the harm small enough that individuals couldn’t fight back alone. Only a class action changes that math. The $12.5 million settlement ($12.5 million — enough to cover more than a year of groceries for roughly 1,000 families) is a direct product of that mechanism.

Public Interest: The Law Says This Harms Everyone

Washington’s legislature did not leave this ambiguous. The CEMA statute explicitly states that the practices it prohibits “are matters vitally affecting the public interest” and “are not reasonable in relation to the development and preservation of business.” The law treats unsolicited commercial texts as a public harm, not just a private nuisance. Every Washington resident who carries a cell phone has a stake in whether corporations like Cash App can run this kind of operation with impunity.

The complaint cites the Washington Supreme Court’s decision in Wright v. Lyft, Inc., which established that a CEMA violation automatically satisfies all five elements of a Consumer Protection Act claim, including injury and causation. The Lyft precedent matters here: courts have already ruled that this specific category of corporate spam is not a gray area. It is an unfair and deceptive act in trade or commerce, full stop. Cash App ran the program anyway.

The complaint requests not just damages but an injunction — a court order requiring Cash App to stop. It also requests that if the court permits the program to continue in any form, Cash App be forced to adopt CEMA compliance measures and remain under court supervision for at least six months. The ask for ongoing court supervision signals that plaintiff’s counsel does not trust Cash App to self-regulate, and the four-year history of this program provides the evidence for that distrust.

The Math They Don’t Want You to Do

The settlement amount, $12.5 million ($12.5 million — enough to give roughly 25,000 people a $500 check, but still less than 0.12% of Cash App’s single-year revenue), tells you everything about the power imbalance built into corporate consumer protection law. Cash App generated $10.6 billion in revenue the same year this lawsuit was filed and will pay out a fraction of a percent to make it go away.

The Cost of Doing Business

What Now: Who to Watch and What to Do

Corporate Roles on Watch

• Block, Inc. Chief Executive Officer [REDACTED – Not in Source]
• Block, Inc. Chief Legal Officer [REDACTED – Not in Source]
• Block, Inc. Board of Directors [REDACTED – Not in Source]
• Cash App Product Leadership — the team that designed and shipped the “Invite Friends” feature with no consent controls

Regulatory Watchlist

• FTC (Federal Trade Commission) — authority over unfair or deceptive trade practices in consumer financial products
• CFPB (Consumer Financial Protection Bureau) — direct oversight authority over Cash App as a consumer financial services provider
• Washington State Attorney General — enforcement authority under the Washington Consumer Protection Act, RCW 19.86
• Washington State Legislature — monitor for any industry-backed weakening of CEMA’s anti-spam provisions

What You Can Actually Do

If you are a Washington State resident and you received a Cash App referral text between September 8, 2019 and today, you may be a class member. Contact Terrell Marshall Law Group PLLC in Seattle or Berger Montague PC to find out if you are eligible for the settlement. Do not wait for someone to find you.

Beyond the individual case: file a complaint with the CFPB at consumerfinance.gov/complaint and with the FTC at reportfraud.ftc.gov. Regulatory enforcement follows complaint volume. Every report you file adds to the public record that Cash App’s practices caused widespread harm. Support local mutual aid networks and digital rights organizations that fight for consent-based data practices. The legal system moves slowly; community pressure moves faster.

Delete Cash App if you no longer use it. Unlink your debit card before you do. Check your transaction history for fees you may not have noticed. The fine print is where corporations make their real money. Reading it is an act of resistance.