Wietse Wind, the lead developer of the Xaman wallet and a prominent contributor to the XRP Ledger (XRPL), has issued a critical security advisory regarding a coordinated and sophisticated scam campaign active in February 2026. Following a weekend of deploying emergency filters and in-app warnings, Wind detailed six specific social engineering attack vectors currently targeting the XRPL community.
The first and most prevalent method involves fraudulent sign requests that trick users into authorizing seemingly routine transactions, which instead trigger the immediate transfer of XRP to attacker-controlled addresses. The second vector is the distribution of malicious NFTs via unsolicited airdrops, which often contain "swap offers" designed to lure holders into exchanging legitimate assets for worthless tokens.
Impersonation accounts on platforms like X and Telegram pose as official support staff to create a false sense of urgency, constituting the third threat. The fourth is phishing emails that reference wallet activity. Wind noted that since Xaman does not collect user email addresses, these campaigns rely on leaked databases from unrelated crypto breaches to create the illusion of legitimacy.
The fifth threat is the circulation of fake desktop wallets, as Wind clarified that no official Xaman desktop client exists. Finally, the sixth vector involves fraudulent token giveaways that request secret keys or recovery phrases under the guise of promotional participation.
Wind emphasized that the XRPL protocol itself remains secure and uncompromised, with the attacks operating entirely at the social engineering layer, targeting user decision-making rather than network consensus. "No matter the amount of warnings, detection, filtering, alerts in the app and here on social: no scammer can get you if you don't willingly / unknowingly interact with them," Wind advised. "Your funds are perfectly safe in Xaman Wallet: just don't sign any transaction you don't trust."
This warning aligns with a broader industry trend identified by security firm PeckShield, which reported that crypto scams and hacks drained over $4.04 billion in 2025, with scams alone accounting for $1.37 billion—a 64% increase from 2024. The report highlighted a shift toward tailored phishing campaigns targeting individuals with large holdings, moving beyond pure technical exploits.
