Ripple’s David Schwartz Warns of Phishing Campaign Using Robinhood Emails
Ripple’s CTO Emeritus David Schwartz warned of a phishing campaign using fraudulent emails that appeared to come from Robinhood, exploiting the platform's account creation flow without any system breaches. Robinhood confirmed the incident, urging users to delete the phishing emails and reassuring that no personal data or funds were compromised. This incident highlights ongoing vulnerabilities in email security even for major platforms.
Ripple’s CTO Emeritus David Schwartz posted a warning on X, telling users that a phishing campaign had sent fraudulent security alerts appearing to come from Robinhood’s own email infrastructure. Robinhood has since confirmed the incident, attributing it to an abuse of its account creation flow rather than any breach of its systems. What the Phishing Email Looked Like and How It Got Through According to Schwartz, the fake email, whose subject line was “Your most recent login to Robinhood,” claimed that there was an unrecognized login attempt on an “iPhone 17 Pro” device at a specified time and that an account telephone number ending in “87” would be updated shortly. A “Review Activity Now” button sat at the bottom, alongside a warning that once changes were confirmed, they could not be reversed, which is standard panic-inducing language, designed to make people click before they think. Schwartz said he was not certain of the exact mechanics but believed, based on a quick look, that the emails “were somehow injected into Robinhood’s actual email infrastructure at some point.” That matters because the filters that most email providers use check to see if a message really came from the domain it says it did. If the sending path looks real, those checks pass, and that’s how the fraud landed in Schwartz’s inbox looking exactly like the genuine article. Robinhood’s support account later confirmed that “some customers received a falsified email from noreply@robinhood.com,” adding that the attack exploited its account creation flow and that no systems were breached, no personal information was exposed, and no funds were touched. The company’s guidance was for customers to delete the email, not click anything, and contact Robinhood through the app if worried. A Pattern That Keeps Repeating Reactions on X came quickly, with one user asking how a company of Robinhood’s size could have its official email compromised at all, while another, Demosthenes, noted that scam emails ...
Comments
Log in to comment