What is happening
Wietse Wind, the founder of Xaman Wallet, has warned that a large, organized scam aimed at users of the XRP Ledger is underway. The scammers are not trying to break the code of the XRPL itself. Instead, they use social tricks to trick people. The main goal is to get people to sign bad or harmful transactions with their wallets.
The XRP Ledger, or XRPL, is a way to run a digital money system. It lets people use the digital money called XRP and it also supports other tokens. When we talk about these scams, often the problem is not bugs in the system but how people are tricked. The trouble is that clever attackers can fool users into giving away access or signing deals you don’t want.
A clear look at the tactics
Wind explained on the social media site X (formerly Twitter) on February 16 that he spent the weekend adding new checks and alerts to Xaman Wallet. He did this after he saw a wave of coordinated attempts to trick users into signing malicious transactions. These scams come in many forms, and they try to look real and helpful.
Here are several methods that Wind and others have noticed in recent days:
- Scam NFTs that pretend to offer an easy token swap or exchange.
- Fake desktop wallet apps that look like the real software but are designed to steal information.
- Direct messages that pretend to be people who work for support teams.
The official Xaman Wallet account also warned users repeatedly: do not click on links from strangers, do not reply to direct messages asking for personal information, and never connect your wallet to websites you do not recognize.
Why this kind of attack works
According to Wind, most of these attacks focus on people rather than breaking the software itself. The scammers try to manipulate users. They don’t need to break code if they can trick someone into giving away their keys or signing a transaction they did not intend to approve.
Attackers are not limited to social media. They also send phishing emails. An important detail is that XRPL wallets do not store user email addresses in the core system, so the scammers often rely on data leaked from other places. In theory, someone may have their data from another online service that was leaked in a breach. The scammers use that information to craft messages that look plausible.
Some scammers push fake desktop wallets even though Xaman is a mobile app. They may try to persuade users to download a supposed desktop version to access their coins more easily. In addition, some projects promise free tokens in exchange for people giving up their secret keys. A secret key is like a password for your wallet; if someone gets it, they can steal your funds.
Wind’s core message for users
Wind stresses that the safety of funds depends on what the user does. Even with warnings, filters, and alerts, the real barrier is how people respond. If a person interacts with a scammer or signs a transaction they do not trust, they could lose money. Wind says that funds are safe in Xaman Wallet as long as users do not approve unknown transactions or share their keys with anyone else.
Wind put it plainly: do not sign any transaction you do not trust and do not interact with anyone promising free tokens. He added that this is a cat and mouse game between scammers and users, which means scammers keep trying new tricks, but careful, informed users can stay safe.
Why this matters beyond one wallet
The XRPL-related scams are part of a bigger trend across the cryptocurrency world. Earlier this year, a security firm called PeckShield released a report about scams and hacks. The report found that crypto scams and hacks drained more than 4.04 billion dollars in 2025. Of that amount, about 1.37 billion dollars came from scams alone. That is a 64 percent rise from 2024.
The report also showed that the attackers are changing their approach. They are now using tailored phishing campaigns. Instead of relying only on technical weaknesses, they target people who have large amounts of money or important crypto holdings. This makes the scams more dangerous for high-value accounts.
Another finding from PeckShield is that centralized platforms and companies accounted for about 75 percent of stolen funds last year. This is a big jump from 46 percent in 2024. Centralized platforms are services where a company controls the keys and access to user funds. The rise suggests that attackers are not only going after software wallets but also places where more money is stored in one place.
Real-world examples of large losses
Security researchers remind us that wallet safety is not just about software tricks. On January 17, 2026, blockchain investigator ZachXBT reported a major hardware wallet scam. A victim lost about 282 million dollars in Bitcoin and Litecoin through a hardware wallet scam. The attacker then moved the funds through THORChain and traded them into Monero. This incident shows that even hardware devices, which some people think are safer, can be targeted by clever attackers. It also shows how fast money can move once stolen.
Wind views these events as reminders that security often comes down to user choices. His stance is that wallets can be secure, but only if users are careful about what they approve and who they trust. He says this is a continuous game where both sides learn and adapt, but the goal remains to protect people’s money.
What to take away from this story
Many people use XRPL wallets to manage their money and tokens. Scammers know this and try different ways to stampede people into signing harmful transactions. The key to staying safe is to be careful and skeptical online. Here are some practical tips drawn from Wind’s advice and the broader security discussion:
- Do not sign transactions you do not understand or trust. A signature is like giving someone permission to move money for you.
- Do not share your secret keys or recovery phrases with anyone. Treat them like the most sensitive password you own.
- Do not click on links from unfamiliar messages or emails. Scammers often use links that lead to fake websites or malware.
- Be careful with messages that claim to be from support staff. Real support teams will not pressure you to reveal keys or sign unusual transactions.
- Verify any new wallet software or desktop app with official sources. If something looks off, ask for help from trusted, known channels.
- Remember that XRPL is a technology that people use. The problem is not always the code; it is also how people act online.
Glossary of terms used in this story
- XRP Ledger — The XRP Ledger (XRPL), also known as the Ripple Protocol, is a cryptocurrency platform started in 2012 by Ripple Labs. It uses the native currency XRP and supports tokens and other units of value.
- Phishing — Phishing is a form of trickery where attackers try to get people to reveal sensitive information or install malware. It is one of the most common cybercrimes.
- Social engineering (security) — Social engineering is using psychology to pressure people into giving away confidential information or performing actions that weaken security.
- Cryptocurrency wallet — A cryptocurrency wallet is a device, program, or online service that stores the public and private keys for cryptocurrency transactions and may sign information; wallets can be software or hardware.
The main takeaway is simple: stay careful, stay informed, and remember that protecting your money online often comes down to the choices you make as a user. This story from the XRPL world shows that even strong technology needs careful use by real people. By following basic safety rules, you can reduce your risk and keep your funds safer.
Source: CryptoPotato
Leave a Reply