TL;DR:
- One network investor lost a total of 14,646 tokens after interacting with a malicious message in their wallet.
- The fraudulent transaction represented a drain of funds equivalent to $16,800 at the time of the incident.
- The destination address used by the attackers had already been reported on major block explorers.
Alarms are sounding once again in the crypto ecosystem due to a succession of cyberattacks. During Monday’s session, it was confirmed that an investor lost thousands of assets because of a malicious alert. The incident specifically targeted XRP holders, who now face fraudulent schemes designed to mimic official communication requests from the network.
🚨 SCAM ALERT
XRP holder just lost 14,646 XRP (~$16.8K) to a payment request attack.The bait? 10% monthly rewards + a memo that reads Safe XRPL verify message
That word Safe in the memo? The attacker wrote it themselves. The destination wallet is literally flagged as FRAUD on… pic.twitter.com/xFCRJcBjnm
— Xaif Crypto (@Xaif_Crypto) June 22, 2026
Manipulation through network verification messages
According to reports from blockchain transaction analysts, hackers distributed a series of deceptive notifications under the assumed benefit of a legitimate rewards process. The affected user transferred their funds to an external wallet after receiving a message that simulated being a payment request verified by the system.
Technical data from the transfer shows that the victim included a text field or “memo” preconfigured by cybercriminals with the phrase “Safe XRPL verify message.” This specific label generated a false sense of security for the user, leading them to believe that the capital movement was part of a routine authentication protocol within the technological infrastructure.
Methods of deception and asset blocking
The destination wallet used by the scammers was already on the blacklists of multiple financial monitoring tools before the operation was executed. According to data provided by researchers from the X community, these types of attacks exploit technical unfamiliarity with customization fields in decentralized ledger transfers.
Security analysis platforms remind users that transactions in this decentralized environment are completely irreversible once confirmed by consensus nodes.
Preventive measures against malicious offers
Wallet developers constantly remind users that no automated network system requests the sending of capital to validate a account’s status.
Security teams recommend that users ignore any notification that promises unusual dividends or requires interacting with unverified contracts. Likewise, it is advised to recurrently verify addresses using public block explorers to check the reputation history of recipients before processing a shipment.
