Ripple co-founder and CTO David Schwartz has issued an urgent public warning about what he described as a ‘huge escalation lately in airdrop and giveaway scams targeting XRPL users,’ flagging a coordinated wave of XRP scam news campaigns that have grown sharply more sophisticated through AI-generated impersonation and wallet drainer technology. The warning, posted to his 700,000-plus followers on X, arrives as XRP commands elevated institutional attention and retail volume, precisely the conditions that make its holder base a high-value phishing target. Bearish signal for ecosystem trust.
Ripple News: How the Attacks Work, Fake Airdrops, Wallet Drainers, and AI-Cloned Executives
The mechanism here is worth understanding precisely. The dominant attack vector is the fake airdrop: users are directed to a fraudulent promotional site promising free XRP tokens, where connecting a non-custodial wallet triggers a malicious script, a wallet drainer, that executes a single authorized transaction to empty holdings before the user realizes what happened.
Giveaway scams operate through a simpler but equally effective social engineering play. Fraudsters promise to return twice any amount of XRP sent to a scammer-controlled address, packaging the pitch around fabricated Ripple announcements or milestone celebrations.
The delivery infrastructure has matured significantly in 2026. Attackers are deploying AI-generated deepfake videos on TikTok and YouTube that clone Schwartz’s likeness and voice with enough fidelity to fool retail holders.
In a separate and notably sophisticated attack vector, Schwartz flagged a phishing campaign that injected fake emails into Robinhood’s infrastructure, exploiting Gmail’s dot-trick for account creation and embedding malicious HTML payloads in device names, with messages that passed SPF, DKIM, and DMARC authentication checks, making them appear as legitimate Robinhood correspondence.
