TL;DR
- Mandatory Updates Risk: Ripple CTO David Schwartz warns that forced wallet updates create urgency, exposing users to phishing scams, fake update prompts, and even permanent device damage.
- User Autonomy: Schwartz advocates giving users control to install updates calmly at their convenience, allowing time for verification and research.
- Industry Context: His remarks follow Trezorās scam alert, reinforcing ongoing debates about wallet security and highlighting Rippleās commitment to safeguards.
Ripple Chief Technology Officer David Schwartz has issued a strong warning to crypto wallet manufacturers, urging them to rethink how they deliver software and firmware updates. His comments highlight the risks of mandatory updates, stressing that rushed processes can expose users to phishing attacks, fake updates, or even permanent device damage. Schwartzās intervention reflects a broader push for user-centric security practices in the crypto ecosystem.
Schwartzās Warning on Mandatory Updates
In a post shared on X, Schwartz cautioned wallet makers against forcing users into immediate updates unless absolutely necessary. He argued that mandatory updates often create urgency, leading users to bypass critical verification steps. This rushed environment increases vulnerability to scams and technical errors. According to Schwartz, updates should only be enforced when addressing urgent threats, not routine improvements.
Crypto wallet manufacturers:
Please do not make software/firmware updates mandatory unless *absolutely* necessary. Sometimes we need to do things in a hurry and forcing us to make updates in a hurry to get to do the thing we really need to do creates grave risk needlessly.— David 'JoelKatz' Schwartz (@JoelKatz) December 26, 2025
Risks of Rushed Firmware Changes
Schwartz emphasized that hurried updates can have severe consequences. Users under pressure may fail to authenticate properly, opening the door to phishing attempts. Moreover, technical mistakes during rushed installations could permanently damage hardware wallets. By highlighting these dangers, Schwartz underscored the importance of balancing security with usability, ensuring that protective measures do not inadvertently harm the very users they aim to safeguard.
Advocating User Control in Security
The Ripple CTO proposed a more user-friendly approach: notify users of available updates but allow them to install at their convenience. He explained that calm, deliberate updates give users time to research, verify authenticity, and avoid unnecessary risks. This philosophy aligns with broader crypto security principles that prioritize user autonomy and minimize friction in critical operations.
Industry Context and Recent Alerts
Schwartzās comments came shortly after hardware wallet provider Trezor warned of potential scams targeting users. His stance adds weight to ongoing debates about best practices in wallet security. While updates remain essential for patching vulnerabilities and adding features, Schwartz insists they should not be mandatory unless addressing immediate threats. His remarks reaffirm Rippleās commitment to safeguarding the ecosystem through pragmatic, user-focused measures.
