XRPL users are facing a coordinated wave of scams, Wallet founder says, as attackers deploy phishing and fake apps and sign requests worldwide.
Xaman Wallet founder Wietse Wind has said that a “massive XRPL-targeted scam effort” is underway, warning users about fake signing requests, phishing emails and impersonator accounts.
His warning points to an increase in social engineering attacks targeting crypto holders rather than flaws in the blockchain code.
A multi-pronged attack on XRPL users
Wind wrote on X on February 16 that he spent the weekend adding new filters and alerts to Xaman Wallet after detecting coordinated attempts to trick users into signing malicious transactions.
He listed several methods we’ve seen in recent days, including scam NFTs promising token swaps, fake desktop wallet apps, and direct messages posing as support staff. The official wallet account repeated the warning, which tells users not to click on links, respond to DMs, or link wallets to unknown websites.
According to Wind, the attacks are usually aimed at manipulating users rather than hacking into software, with the scammers expanding beyond social media and sending phishing emails, even though Xaman does not store user email addresses, suggesting attackers are relying on leaked data from unrelated breaches.
The impostors are also reportedly promoting fake “desktop wallets,” despite Xaman being a strictly mobile application. Some fraudulent projects even promise free tokens in exchange for users’ secret keys.
Wind emphasized that funds will remain safe if people do not approve unknown transactions or share their keys.
You might also like:
“No matter the number of alerts, detection, filtering, alerts in the app and here on social media, no scammer can catch you if you don’t voluntarily/unknowingly communicate with them,” he advised. “Your money is completely safe in Xaman Wallet: just don’t sign transactions you don’t trust, and don’t talk to anyone who promises you free tokens.”
Scams that go beyond DeFi exploits
The
Of that total, $1.37 billion came from scams alone, a 64% increase from 2024. The company said attackers are shifting to customized phishing campaigns that target individuals with large assets rather than relying solely on technical exploits.
Additionally, the PeckShield report shows that centralized platforms and companies accounted for approximately 75% of stolen funds last year, up from 46% in 2024.
These high-value thefts linked to fraud extend beyond just software wallets. On January 17, 2026, blockchain researcher ZachXBT reported that a victim lost approximately $282 million worth of Bitcoin (BTC) and Litecoin (LTC) through a hardware wallet scam. According to his findings, the attacker later moved the funds through THORChain and converted them into Monero (XMR).
Wind’s messaging framed the latest campaign as a reminder that wallet security often depends on user decisions.
“This is a cat and mouse game and the scammers will not win,” he stated.
SECRET PARTNERSHIP BONUS for CryptoPotato readers: Use this link to register and unlock $1,500 in exclusive BingX Exchange rewards (limited time offer).
#Wallet #Founder #Warns #Coordinated #Scams #Targeting #XRPL #Users