Bitdefender Antispam Lab warns of fresh Ripple XRP phishing campaign targeting investors


April 03, 2023


Cybercriminals have been conducting a massive phishing campaign impersonating crypto solutions provider Ripple since March 30, Bitdefender Antispam Lab warns.

What is Ripple?

Ripple is a payment protocol and exchange network developed by Ripple Labs Inc, a US tech company and leading provider of crypto solutions for businesses.

XRP, which has a pre-mined supply of only 100 billion tokens, is the native digital token used by Ripple because of its reliable, carbon-neutral and fast delivery. XRP transactions run solely on its decentralized open-source blockchain, the XRP Ledger (XRPL).

How the scam works

Cybercrooks often mimic crypto organizations to defraud users of their digital assets and personal information. The impostor letter allegedly sent from the “Ripple Team” announces a fresh XRP token allocation program to investors.

The email connects users to a fake Ripple blogpost describing the “Token Allocation Program,” and how investors can register their XRP claim.

Before we delve deeper into the latest scam impersonating Ripple, let’s break down some important facts:

  • Within 24 hours, the phishing campaign spread globally, more specifically, in the US (31%), the UK (15%), Australia (10%), South Korea (8%), Germany (7%), Japan and South Africa (5% each), Ireland (4%) and Denmark (2%).
  • Limited correspondence also ended up in France, Italy, Romania, the Netherlands, the Czech Republic and Sweden.
  • The fraudulent emails were sent from compromised domains in the US, Brazil, France, Russia, Vietnam, and the Czech Republic, among others.
  • Domain addresses consist of the following:

Subject lines include:

  • More XRP to be distributed
  • Join the Token Allocation
  • Hold XRP and get dividends
  • XRP community incentives
  • Releasing the reward program

Users are advised to connect to RippleNet, a cloned version of the Ripple webpage, where they are given additional instructions to claim their XRP bonus.

Our researchers triggered a 2x Bonus that landed them a 1,247.34 XRP reward, as seen in the screenshot below. They were also given a five-minute window to complete the claim.

To add more credibility to their ruse, the scammers emphasized the importance of using well-known hardware wallets Ledger and Trezor to complete the transaction in both the blogpost and fake token allocation tool platform.

Here's what happens when we attempt to connect:

Recipients who go ahead with the fraudulent token allocation process by using one of the four connection methods will ultimately give attackers the means to empty their wallets.

How can users protect against phishing attacks impersonating Ripple?

Cybercriminals are continuously using social engineering attacks to target cryptocurrency holders via email, text and social media platforms.

To protect digital assets from cybercrooks, crypto investors should scrutinize any Ripple correspondence that promotes XRP giveaways of any kind, advice that also appears in the FAQ page on the official Ripple platform.

“Neither Ripple nor any executive of our company will be offering free giveaways of digital assets,” Ripple said in a 2022 blog post. “Any XRP giveaway is not endorsed by, affiliated with, maintained, authorized or sponsored by Ripple.”

Users should also pay close attention and hover over any embedded links to spot any inconsistencies.

We also advise customers to be extremely cautious when searching for any giveaway campaigns online. In our attempts to investigate the claims of the bogus emails, Bitdefender researchers found that the first two search queries listed on Google connected users to clone versions of the Ripple website.

To fend off similar malicious campaigns:

  • Closely inspect the email sender’s address and URLs
  • Never give out credentials, MFA codes, passwords or your wallet phrase via links received in unsolicited correspondence
  • Don’t install unverified software or open attachments received from unknown senders
  • Use dedicated software to keep you safe from e-threats
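
The sender and link inspection advised above can be automated in a mail triage step. The following is an added example, not Bitdefender's detection logic: it matches the subject lines listed in this article, flags a "Ripple" display name sent from another domain, and compares each link's visible text with its real destination. It assumes `ripple.com` is the brand's legitimate domain; the function names and the sample message (with `.example` domains) are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Subject lines listed in the article above, lower-cased for comparison.
CAMPAIGN_SUBJECTS = {
    "more xrp to be distributed", "join the token allocation",
    "hold xrp and get dividends", "xrp community incentives",
    "releasing the reward program"}

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def in_domain(host, domain="ripple.com"):  # assumption: the brand's real domain
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw):
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    if str(msg["Subject"] or "").strip().lower() in CAMPAIGN_SUBJECTS:
        findings.append("campaign-subject")
    name, addr = parseaddr(str(msg["From"] or ""))
    if "ripple" in name.lower() and not in_domain(addr.rpartition("@")[2]):
        findings.append("brand-name-foreign-sender")
    body, parser = msg.get_body(preferencelist=("html",)), LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:  # the "hover" check: shown text vs. real host
        host = urlparse(href).hostname or ""
        if "ripple" in text.lower() and not in_domain(host):
            findings.append("link-mismatch:" + host)
    return findings

# Constructed sample message (not taken from the campaign).
SAMPLE = ('From: Ripple Team <news@mail.compromised.example>\n'
          'Subject: Join the Token Allocation\n'
          'Content-Type: text/html; charset="utf-8"\n\n'
          '<a href="https://ripple-claim.example/x">ripple.com/insights</a>\n')
```

Calling `triage(SAMPLE)` returns all three findings; a message from the brand's own domain whose links stay on that domain returns an empty list.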

Bitdefender all-in-one plans come with handy features to fend off fraud and phishing attempts that may harm you financially, including:

  • Anti-phishing module that detects and blocks websites that masquerade as legitimate to steal your data or funds
  • Anti-fraud filtering system that warns you against websites that might try to scam you
  • Web attack prevention system that lets you know if a URL can be accessed safely and blocks known infected links
  • A handy password manager, VPN and identity theft protection services, depending on your chosen plan




Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
