Key Insights:
- Former Ripple CTO David Schwartz flagged a phishing email scam related to Robinhood.
- The email seemed to come from Robinhood’s official email address and passed email authentication checks.
- The alert comes amid major DeFi attacks on Drift Protocol and KelpDAO this month.
In crypto news today, Ripple CTO Emeritus David Schwartz has alerted users to a new, sophisticated phishing scam targeting Robinhood users. It features emails purportedly sent from Robinhood’s official email address.
Crypto News: Former Ripple CTO Posts Alert On X
Schwartz wrote in a post on X, “WARNING: Any emails you get that appear to be from Robinhood (and may actually be from their email system) are phishing attempts.”
He attached a picture of an email with the subject line “Your recent login to Robinhood.”
The phishing email also contains information such as the device and the time of the login, along with a link to “Review Activity Now.” The email looked authentic.

It bore the Robinhood logo and was sent from an official-looking email address ([email protected]). It also passes SPF, DKIM, and DMARC authentication checks, which makes it difficult for users to identify the threat.
The email alerts the user to “unrecognized activity” and encourages them to review changes. However, the phishing element was in the body of the email rather than the call-to-action button.
Schwartz also responded to questions about how Robinhood’s email was hacked. He added, “I’m not sure exactly what’s going on, but it seems like these emails were somehow injected into Robinhood’s actual email infrastructure at some point.”
How Did Hackers Execute This Crypto Phishing Attack?
Cubby Law CTO Abdel Sabbah explained how the attack was carried out. He said that hackers use Gmail’s “dot trick” to set up similar accounts linked to the target’s email.
The hackers then set a device name that contains HTML code, which Robinhood’s auto-generated “unrecognized activity” email renders without sanitization. This lets the attacker’s link appear as part of the warning itself. Thus, Schwartz called the hack “sneaky.”
The news of the phishing exploit comes as Robinhood is set to report earnings on April 28. The company is expected to report earnings per share of $0.40 for the March 2016 quarter, with revenue of $1.15 billion, according to Zacks estimates.
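The two weaknesses described above, seen from the defender's side, as an added example that is not Robinhood's code: the notification template, function names and sample device name are hypothetical and constructed for illustration. It contrasts raw interpolation of a device name with escaped output, and canonicalizes Gmail addresses so dotted variants map to one account.

```python
import html
import re

# Hypothetical notification template; the real template is not on the page.
TEMPLATE = "<p>We noticed a login from a new device: <b>{device}</b></p>"


def render_unsafe(device_name: str) -> str:
    """Weak pattern: user-controlled text is interpolated as raw HTML."""
    return TEMPLATE.format(device=device_name)


def render_safe(device_name: str, max_len: int = 64) -> str:
    """Treat the device name as untrusted text: drop control characters,
    cap the length, then HTML-escape before it reaches the template."""
    cleaned = re.sub(r"[\x00-\x1f\x7f]", "", device_name)[:max_len]
    return TEMPLATE.format(device=html.escape(cleaned, quote=True))


def canonical_gmail(address: str) -> str:
    """Gmail ignores dots in the local part, so dotted variants all reach
    the same inbox. Canonicalize before checking for an existing account."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep:
        return address.strip().lower()
    if domain in ("gmail.com", "googlemail.com"):
        local = local.replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"


# Constructed sample input, not taken from the real incident.
SAMPLE_DEVICE = (
    'Pixel 8</b> <a href="https://example.invalid/review">'
    "Review Activity Now</a><b>"
)

if __name__ == "__main__":
    print(render_unsafe(SAMPLE_DEVICE))  # attacker markup becomes live HTML
    print(render_safe(SAMPLE_DEVICE))    # markup is shown as inert text
    print(canonical_gmail("j.ane.doe@gmail.com"))
```

Because the message is generated by the sender's own system, SPF, DKIM and DMARC all pass; output escaping at render time is the control that addresses this case.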
Revenue growth year-over-year is projected to be 23.74%, while EPS growth is 8.11%.
Major Crypto Hack Events In April
The scam comes amid a raft of high-profile crypto security incidents in April. In other crypto news, on April 1, Drift Protocol was drained of $285 million in user funds.
According to TRM Labs, the attack was not a smart contract vulnerability, but rather a six-month social engineering operation. The attack involved external actors reportedly gaining internal access over a period of time.
They adjusted permissions and processes before launching the attack, which is one of the largest DeFi hacks of 2026.
On April 18, KelpDAO experienced another attack compromising $292 million of rsETH tokens. The attack, according to a report from Chainalysis, was not on the code of the protocol. Rather, it was an off-chain attack. At the time, hackers targeted RPC nodes tied to a LayerZero bridge.
These nodes provided false information to the protocol, claiming that a notable number of tokens had been burned on an “origin chain.”
The bridge then released 116,500 rsETH to the hacker, based on this misleading information. This attack has been referred to as a “phantom burn.”