On May 14, 2026, David Schwartz, the former Chief Technology Officer of Ripple and co-creator of the XRP Ledger, issued a stark warning about a critical Windows BitLocker flaw and a parallel surge in sophisticated scams targeting XRP holders.
Schwartz described the BitLocker vulnerability as one of the worst security flaws he has seen in years. The flaw allows an attacker with physical access to a Windows machine to bypass full-disk encryption via a simple USB-based method, without any authentication prompts. This means that locally stored private keys—whether in hot wallets or unencrypted backup files—could be exposed if a device is lost or seized.
Simultaneously, he highlighted an explosive increase in XRPL/XRP scam campaigns across social media and messaging platforms. Fraudsters are using fake airdrops, bogus giveaways, impersonator accounts mimicking Schwartz and other Ripple executives, and even AI-generated deepfakes to trick users. These schemes typically direct victims to malicious websites that request wallet connections or seed phrases, leading to instant asset drainage. Schwartz firmly stated that Ripple does not run free XRP giveaways, and any such promotion should be treated as fraudulent.
"There has been a huge escalation lately in airdrop and giveaway scams targeting XRPL users," Schwartz posted on X. "Any such posts you see are likely scams. Anyone claiming to be me on Instagram, Telegram, or almost anywhere else is likely a scammer. Stay safe XRP fam."
The warning comes amid a broader climate of crypto security threats, with April 2026 recording over $635 million in losses across 28 DeFi hacks. Although those attacks were mostly protocol exploits rather than social engineering, they underscore the high-value-target environment. Schwartz urged XRP holders to adopt layered security: use hardware wallets (cold storage), verify all channels and identities, maintain device hygiene, and never share seed phrases or connect wallets to unverified sites.
