XRPL users face coordinated scam surge, wallet founder says, as attackers deploy phishing, fake apps, and sign requests globally.
Xaman Wallet founder Wietse Wind has said that a “massive XRPL targeted scam effort” is underway, warning users about fake sign requests, phishing emails, and impersonation accounts.
His alert points to a rise in social engineering attacks aimed at crypto holders rather than flaws in the blockchain code.
A Multi-Pronged Attack on XRPL Users
Wind wrote on X on February 16 that he had spent the weekend adding new filters and alerts to Xaman Wallet after detecting coordinated attempts to trick users into signing malicious transactions.
He listed several methods seen in recent days, including scam NFTs that promise token swaps, fake desktop wallet apps, and direct messages posing as support staff. The official wallet account repeated the warning, telling users not to click links, respond to DMs, or connect wallets to unknown websites.
According to Wind, the attacks usually focus on manipulating users rather than breaching software, with the scammers expanding beyond social media and sending phishing emails even though Xaman does not store user email addresses, suggesting attackers are relying on leaked data from unrelated breaches.
The tricksters are also reportedly promoting fake “desktop wallets,” despite Xaman being a strictly mobile application. Some fraudulent projects are even promising free tokens in exchange for users’ secret keys.
Wind stressed that funds will stay safe if people avoid approving unknown transactions or sharing their keys.
You may also like:
“No matter the amount of warnings, detection, filtering, alerts in the app and here on social: no scammer can get you if you don’t willingly / unknowingly interact with them,” he advised. “Your funds are perfectly safe in Xaman Wallet: just don’t sign any transaction you don’t trust, and don’t interact with anyone promising you free tokens.”
Scams Moving Beyond DeFi Exploits
The XRPL scam wave reflects a troubling industry-wide trend, with a PeckShield report from earlier in the year revealing that crypto scams and hacks drained more than $4.04 billion in 2025.
Of that total, $1.37 billion came from scams alone, a 64% increase from 2024. The firm said attackers are shifting toward tailored phishing campaigns that target individuals with large holdings instead of relying only on technical exploits.
Furthermore, the PeckShield report also found that centralized platforms and companies accounted for about 75% of stolen funds last year, up from 46% in 2024.
These high-value thefts tied to deception extend beyond software wallets. On January 17, 2026, blockchain investigator ZachXBT reported that a victim lost about $282 million in Bitcoin (BTC) and Litecoin (LTC) through a hardware wallet scam. According to his findings, the attacker later moved the funds through THORChain and converted them to Monero (XMR).
Wind’s posts framed the latest campaign as a reminder that wallet security often depends on user decisions.
“This is a cat and mouse ‘game,’ and the scammers will not win,” he stated.
SECRET PARTNERSHIP BONUS for CryptoPotato readers: Use this link to register and unlock $1,500 in exclusive BingX Exchange rewards (limited time offer).
