Ripple’s Chief Technology Officer (CTO) is warning his audience on X about a new, sophisticated scam that’s specifically targeting Robinhood’s customers. In a shared screenshot, Ripple’s David ‘JoelKatz’ Schwartz has drawn the public’s eye to a recent Robinhood login notification, which appears to be fake.
Crucial Robinhood Customer Alert: Emails Infected?
“Any emails you get that appear to be from Robinhood (and may actually be from their email system) are phishing attempts.”, – stated the veteran developer. Some users on Crypto Twitter have advised to look for the blue check mark to identify legit correspondence, but the issue seems to go deeper than that.
The emails appear to be seemingly legitimate. The messages appear to be genuine to most recipients, as the fraudulent emails successfully pass through the SPF, DKIM, and DMARC checkpoints. The screenshot also hints at made-up ‘recent login’ details, attempting to lure in the unsuspecting Robinhood customer.
Ripple CTO Deciphers Robinhood’s Email Incident
It shows the claimed login device, location details & more. Moreover, Ripple’s CTO David Schwartz claims the hackers were able to infect Robinhood’s automated email system from within. Labelling the Robinhood email ‘quite sneaky’, JoelKatz. This is known as the ‘dot trick’, where multiple variations of the same address is wrongfully perceived as legitimate.
The hackers probably assigned a malicious HTML code to a device, allowing the HTML payload to render within Robinhood’s email system. This creates multiple authenticated email messages with malicious intent, deceiving the crypto exchange’s customers into thinking they’re pressing on an official Robinhood link.
Despite rising sharply in 2026, phishing scams are nothing new. A similar attack was deployed on MetaMask’s users at the beginning of the year – stealing seed phrases all around the place. With centralized platforms, the retrieval of stolen access is considerably easier, while DeFi dwellers have multiple security layers that serve as stronger preventative measures.
Check out DailyCoin’s hottest crypto scoops today:
Deepfake Call Tricks Cardano Dev, Exposes New Weak Spot
CLARITY Act Hits A Big Delay As Lobbying Fight Escalates
People Also Ask:
Scammers are sending highly realistic phishing emails that appear to come directly from Robinhood’s own email system (like noreply@robinhood.com). These messages pass authentication checks and look completely legitimate, often claiming unusual account activity and urging you to click “Review Activity Now.”
Yes — Robinhood has acknowledged fraudulent emails sent from their domain and advised users to ignore them and secure their accounts.
Enable two-factor authentication (2FA), use a strong unique password, avoid clicking links in emails, and always access your account directly rather than through email links. Consider app-based 2FA over SMS.
