The crypto landscape is reacting to what security researchers and Xaman wallet founder Wietse Wind are calling a massive, highly coordinated phishing and wallet-draining campaign targeting Ripple ($XRP) holders.
If you have seen recent notifications, social media alerts, or direct messages claiming a “Successful release: 10% Ripple Escrow to true $XRP holders,” do not interact with the links. It is a sophisticated malicious setup engineered to siphon your funds instantly.
Anatomy of the 10% Ripple Escrow Scam
Cybercriminals are exploiting the native mechanics of the XRP Ledger (XRPL), specifically targeting users of the popular self-custody wallet, Xaman (formerly Xumm).
The attackers rely on a multi-pronged social engineering strategy to deceive users:
- Fake Voting & Staking Portals: Malicious sites clone the official Xaman branding, claiming users can unlock a portion of Ripple’s locked escrow pool simply by placing a “community vote” or establishing a “Trusted Line.”
- Crypto Drainers: Once a user connects their self-custody wallet to the fraudulent site (using malicious domains like
xamanwallet-token.proorxaman-wallet.com), a script triggers an automated asset drainer. It prompts the user to approve a transaction that signs over control of their tokens. - On-Chain Spam Memos: Attackers are broadcasting mass low-value transactions directly across the XRPL. Because the ledger is open, scammers embed phishing links directly inside the transaction memo fields, forcing the notification to pop up on users’ phones.
Crucial Security Rule: Xaman is a strictly mobile application. Any website prompting you to download a “Xaman Desktop Client” or input your secret numbers (secret keys/mnemonic seed phrases) to claim a reward is 100% fraudulent.
Official Response: “We Don’t Do Giveaways”
Xaman Wallet founder Wietse Wind issued an urgent warning to the community, emphasizing that the underlying security of the XRP Ledger remains perfectly intact. The exploit relies entirely on tricking the user into manually authorizing a transaction.
"No matter the amount of warnings, detection, filtering, alerts in the app and here on social: no scammer can get you if you don't willingly / unknowingly interact with them. Your funds are perfectly safe in Xaman: just don't sign any transaction you don't trust."
- Wietse Wind, Xaman Founder
The developmental team has deployed updated transaction filters within the app to suppress these malicious memo fields, but new phishing domains emerge daily.
See also: [How to Secure Your Crypto Wallet Against Dynamic Drainer Scripts]
How to Protect Your Wallet
If you hold assets on the XRPL, protect your portfolio by practicing strict operational security:
- Never Verify with Seed Phrases: No legitimate airdrop, escrow release, or fork will ever ask for your secret backup phrases or numbers.
- Reject Unsolicited Requests: If you receive an unexpected token or a memo telling you that you have won a prize, ignore it.
- Check the URL: The official ecosystem address is strictly
xaman.app. Cross-verify any external links with verified community channels.
Sources & Verification
- Set up Trusted Line and submit vote on Xaman for eligibility check: main-xaman.com
- Official Alerts via Xaman Help Center
