Phishing scam steals secret keys of XRP users using homoglyph domain

Published by Cyber Flows on

Scammers are trying to steal secret keys of XRP users, crypto forensic expert Xrplorer warned yesterday. According to a report by the crypto analyst, the elaborate phishing scam lured victims under the false pretext of obtaining free tokens from Ripple in a “grand giveaway”. The scam dates back to as early as January 17, 2020, and has managed to rob victims of over 2,100,000 XRP ($399,000).

Scammers sent small amounts of XRP to various addresses on the XRP ledger with memo messages that read, “Starting February 1, 2020, Ripple is releasing 3 Billion XRP to incentivize network users. Get 25% more XRP added to your account balance in just minutes.” The link on the memo led unsuspecting users to what appeared to be Ripple’s Insights blog offering a promotional giveaway.

“The entire heist operation is an elaborate setup with messages sent to XRP accounts based on their holdings, homoglyph domains, fake but trustworthy marketing material, tools to collect secret keys that also checks the balance on the XRPL and much more,” the report said.

The primary feature of the scam was the use of homoglyph domains to convince users that the website was legitimate. A homoglyph is a character that can be substituted for another with very little noticeable difference. In this case, the scammers built a well-crafted website that exactly replicated the templates of the original Ripple Insights blog. They also acquired a homoglyph domain name “rí” to replace the original “” to ensure that the fake site appeared real at a glance.

The report advised users to be diligent and always recheck the domain name for any homoglyph characters to help them spot a fake website. “If it sounds too good to be true, it probably is. If you have to send money to participate, or even worse, send your account information and secret keys, don’t do it,” the report suggested.
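The domain check the report recommends can be automated. The following is an added example, not code from the Xrplorer report: it decodes punycode labels, strips accents, and compares the result with an allowlist. The domain `example.com` and the lookalike inputs are constructed placeholders, and the function names are hypothetical.

```python
import unicodedata

# Constructed allowlist (assumption): replace with the domains you actually trust.
TRUSTED = {"example.com"}

def to_unicode(host):
    """Lower-case the host and decode punycode (xn--) labels so that
    lookalike characters hidden behind the ASCII form become visible."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep it as written
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Remove accents and compatibility forms, e.g. 'í' -> 'i'.
    This does not map cross-script lookalikes such as Cyrillic 'а'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify(host, trusted=TRUSTED):
    """Return 'trusted', 'homoglyph-lookalike', 'non-ascii' or 'unknown'."""
    uni = to_unicode(host)
    if uni in trusted:
        return "trusted"
    if skeleton(uni) in trusted:
        return "homoglyph-lookalike"  # differs from a trusted name only by accents
    if not uni.isascii():
        return "non-ascii"            # other scripts: treat as suspicious
    return "unknown"

if __name__ == "__main__":
    # Constructed sample hosts, including the punycode form of the accented name.
    accented = "ex\u00e1mple.com"
    puny = "xn--" + "ex\u00e1mple".encode("punycode").decode("ascii") + ".com"
    for h in ("example.com", accented, puny, "ex\u0430mple.com", "other.org"):
        print(f"{h!r:28} -> {classify(h)}")
```

A `non-ascii` result for a domain you expected to be plain ASCII deserves the same suspicion as a direct lookalike match.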

According to Xrplorer, a new wave of phishing attacks emerged in May. Scammers are now sending spam emails with links to fraudulent websites to those interested in XRP and cryptocurrency. The email scam targeting crypto users is still ongoing, the report cautioned.

Scammers managed to lure users to new fake websites for more than a month, the report stated. They also laundered 1,980,000 XRP, mainly through the swap services ChangeNOW and CoinSwitch. The report further urged victims to file a complaint with their local police.

