TL;DR
- Ripple CTO David Schwartz warned about a rise in phishing attacks impersonating emails from hardware wallet manufacturers to steal seed phrases.
- Scammers are exploiting market weakness and the growing use of stablecoins in cold wallets, increasing the appeal of these devices for cybercriminals.
- Schwartz emphasized that phishing exploits human trust, not technical flaws, and recalled that Coinbase lost $400 million due to social engineering.
Rippleās Chief Technology Officer, David Schwartz, flagged an increase in phishing attacks targeting hardware wallet users.
According to him, scammers send fake emails that mimic official communications from hardware manufacturers, including supposed firmware updates or security checks. The goal is to trick users into entering their seed phrase on an external page, allowing attackers to empty wallets in a matter of seconds.
Attacks Focus on User Carelessness
Schwartz warned that this tactic has become especially frequent in recent weeks, fueled by market weakness. Many investors moved funds into stablecoins and opted to store them in cold wallets, making these devices more attractive to cybercriminals. The decline in exchange activity also reduced exposure to code-based attacks, making the user the most profitable entry point.
The Ripple CTO stressed that phishing remains the most effective attack in the crypto market and that its success depends on psychological manipulation, not technical vulnerabilities. He noted that even major platforms suffered losses for this reason: Coinbase disclosed earlier this year an estimated $400 million in damages caused by social engineering attempts targeting its support team, without any exploits of contracts or code.
Schwartz pointed out that attackers are using increasingly sophisticated tools, such as fake domains, cloned websites, and automated calls with AI-generated voices. The professionalization of these campaigns has made detection much harder, even for experienced users.
The Ripple executive insisted that hardware wallets only maintain their security level if the seed phrase never leaves the device. Once the user enters it in an uncontrolled environment, no measure or cryptographic technology can prevent the attack. According to Schwartz, the real weak point in the crypto ecosystem is not technology or decentralization, but trust and the human tendency to underestimate simple risks. A single mistake, he warned, can cost millions
