XRP holders are being targeted by a sophisticated phishing campaign that uses fake non-fungible tokens (NFTs) to steal funds from unsuspecting users. According to XRP Ledger explorer Bithomp, scammers are distributing fraudulent "reward" and "payout" NFTs that trick victims into approving malicious wallet transactions.
One recent case resulted in a user losing approximately $15,000 after attempting to claim what appeared to be a legitimate "Ripple Payout Token #7357." Instead of receiving a valuable digital asset, the victim unknowingly authorized an NFTokenAcceptOffer transaction that transferred their XRP to a scammer's wallet, leaving them with a worthless NFT.
Bithomp warned that cybercriminals are taking advantage of the XRP Ledger's low transaction costs to mint and distribute hundreds of fake NFTs daily. These tokens often carry convincing names such as "Securing XRPL Proof," "XRP Earning Permit," "XRP Cashback Card," "Ripple Benefit Badge," "Boosting Ripple Card," and "Ripple Grant Voucher" to create a false sense of legitimacy and urgency.
The fake NFTs are typically sent directly to active XRP Ledger wallets or promoted through social media. Victims are then directed to fraudulent websites that ask them to connect their wallets and sign a transaction, unknowingly granting permission for attackers to move their funds.
Security experts advise XRP users to avoid interacting with unsolicited NFTs, reward tokens, or payout offers. Investors should verify any promotions through official Ripple or XRP Ledger channels and carefully review transaction details before approving wallet requests.
The latest phishing campaign highlights the growing threat of cryptocurrency scams worldwide. According to the FBI, crypto-related fraud generated more reported financial losses than any other scam category in 2025, with Americans losing more than $11.3 billion.
Meanwhile, blockchain analytics firm Chainalysis estimates that crypto scams globally stole a record $17 billion in 2026. Impersonation schemes remain among the most common attack methods, while advances in generative artificial intelligence are making fraudulent websites, messages, and social engineering campaigns increasingly difficult to identify.
As phishing tactics continue to evolve, security experts urge XRP investors to remain cautious, verify every transaction, and never approve wallet requests from unknown or untrusted sources.
Comment 0