According to the wallet founder, XRPL users are facing a surge in organized fraud as attackers deploy phishing, fake apps, and sign requests around the world.
Xaman Wallet founder Wietse Wind said a “large scale XRPL targeted fraud campaign” was underway and warned users about fake signature requests, phishing emails and impersonated accounts.
His warning points not to flaws in blockchain code, but to an increase in social engineering attacks targeting crypto holders.
Multi-pronged attacks against XRPL users
Wind wrote to X on February 16 that he added new filters and alerts to the Xaman Wallet over the weekend after detecting coordinated attempts to trick users into signing malicious transactions.
He cited several techniques seen in recent days, including fraudulent NFTs promising token exchanges, fake desktop wallet apps, and direct messages posing as support staff. The wallet’s official account reiterated the warning, asking users not to click on links, reply to DMs, or connect their wallets to unknown websites.
Wind said attacks typically focus on user interaction rather than software compromise, and the scammers have expanded beyond social media to send phishing emails even though Xaman does not store users’ email addresses, suggesting the attackers are relying on data leaked from unrelated breaches.
Even though Xaman is strictly a mobile application, scammers are also reportedly promoting fake “desktop wallets.” Some scam projects promise free tokens in exchange for users’ private keys.
Wind stressed that if people avoid approving unknown transactions or sharing keys, their funds will remain safe.
You may also like:
“Regardless of the amount of warnings, detections, filters and alerts on apps and social, scammers can’t catch you if you don’t interact with them, intentionally or unintentionally,” he advised. “Your funds are completely safe in the Xaman wallet. Do not sign transactions you do not trust and do not interact with anyone who promises you free tokens.”
Scams beyond DeFi exploits
The wave of XRPL fraud reflects an alarming trend across the industry, with a PeckShield report earlier this year revealing that more than $4.04 billion will be lost in 2025 due to cryptocurrency scams and hacks.
Of this, $1.37 billion came from fraud alone, an increase of 64% from 2024. The company says that instead of relying solely on technical exploits, attackers are moving toward customized phishing campaigns that target individuals with large amounts of assets.
Additionally, PeckShield’s report found that centralized platforms and companies accounted for approximately 75% of stolen funds last year, up from 46% in 2024.
These costly thefts coupled with deception extend beyond software wallets. On January 17, 2026, blockchain researcher ZachXBT reported that victims lost approximately $282 million in Bitcoin (BTC) and Litecoin (LTC) to a hardware wallet scam. According to his findings, the attackers then moved the funds through THORChain and converted them into Monero (XMR).
Wind’s post constituted its latest campaign as a reminder that the security of a wallet often depends on the decisions of its users.
“This is a cat-and-mouse ‘game’ and the fraudsters will never win,” he said.
Secret partnership bonus for CryptoPotato readers: Use this link to register and unlock $1,500 in exclusive BingX Exchange benefits (for a limited time only).
