David Schwartz, Ripple’s Chief Technology Officer Emeritus, has issued an urgent warning to Robinhood users, alerting them to a sophisticated phishing campaign that exploits the exchange’s own email system. In a post on X (formerly Twitter), Schwartz cautioned that emails appearing to come from Robinhood’s official infrastructure may still be malicious, making them far more convincing than typical scams.
Schwartz stated: “WARNING: Any emails you get that appear to be from Robinhood (and may actually be from their email system) are phishing attempts.” He shared a screenshot of a realistic-looking security alert, complete with login details, device information, and a prompt to review suspicious account activity. The email closely mimics genuine Robinhood notifications, but Schwartz and community analysts concluded that attackers have found a way to inject malicious content into Robinhood’s notification system.
The warning has raised broader concerns about exchange security, with community members questioning how a major platform like Robinhood could have its email delivery compromised. Schwartz suggested the attack is more subtle than a direct hack, likely involving exploitation of Robinhood’s internal notification mechanisms rather than a full breach of the exchange’s core systems. Robinhood’s official scam guidance advises users to avoid clicking links in emails and to log in directly via the app or website.
This security incident comes at a pivotal time for Robinhood, as the company pursues expansion in Asia. Last week, Robinhood announced it received in-principle approval from the Monetary Authority of Singapore to offer brokerage services through Robinhood Singapore Pte. Ltd. This move, described by the company as part of its Asia-Pacific headquarters strategy, could allow it to offer securities, derivatives, custody, and fund services if a full license is granted. The phishing warning, while unrelated to Robinhood’s Singapore operations, has drawn additional scrutiny to the platform’s security controls just as it seeks to expand into tightly regulated markets.
The evolving phishing technique underscores a growing trend in crypto scams, where attackers skip fake domains and instead target legitimate infrastructure. Robinhood users are urged to verify account activity only through the official app and to report suspicious emails to ReportPhishing@robinhood.com.