Ripple CTO David Schwartz Warns Robinhood Users Over Phishing Emails as Exchange Expands in Singapore

TLDR

• David Schwartz warned that some phishing emails may appear to come from Robinhood’s real email system.
• The scam used realistic account alert emails with login and device details to target Robinhood users.
• Schwartz said early signs point to malicious content being injected into Robinhood’s notification system.
• Robinhood received in-principle approval from MAS to offer brokerage services in Singapore.
• The Singapore approval could let Robinhood offer securities, derivatives, custody and fund services later.

Ripple CTO Emeritus David Schwartz has warned crypto users about a phishing campaign targeting Robinhood customers, saying emails that appear to come from the platform should not be trusted for now. In a post on X, Schwartz said the messages may actually be sent through Robinhood’s own email system, which makes the scam harder to spot than standard phishing attempts that rely on fake domains or poorly copied branding.

The warning gained attention because Schwartz shared an example of what looked like a normal security alert tied to unrecognized account activity. The email appeared to include the kind of account and device details users would expect in a legitimate notice, but the concern raised by Schwartz was that the message could still be malicious even if it passed normal authentication checks and looked genuine on the surface.

That has added another layer of scrutiny around Robinhood at a time when the company is already drawing attention for its international expansion. Robinhood said last week that it had received in-principle approval from the Monetary Authority of Singapore to offer brokerage services through Robinhood Singapore Pte. Ltd., a step that moves the company closer to launching a broader regulated brokerage operation in one of Asia’s main financial hubs.

Ripple CTO Flags a More Convincing Type of Scam

Schwartz’s post stood out because it described a phishing method that appears to use Robinhood’s real delivery infrastructure rather than a lookalike sender. That means users may not be able to rely only on the sender name, branding or basic authenticity markers when deciding whether a message is safe. The warning suggested that even a message arriving through what appears to be Robinhood’s own system may still contain links or prompts designed to steal credentials or redirect users to a malicious destination.

The episode also revived broader concerns about how phishing campaigns against crypto and trading users are evolving. Rather than relying on crude fake emails, attackers are increasingly trying to mimic real account alerts, login warnings and support messages. In Robinhood’s own scam guidance, the company says users should avoid selecting links or buttons inside emails and should instead log in directly through the app or Robinhood.com. Robinhood also says it will never ask for login details through support channels.

However, according to Robinhood’s support team, customers are to report suspected phishing to ReportPhishing@robinhood.com and to contact support directly through the app or official website if they believe there has been unauthorised activity. The company also warns users not to rely on phone numbers found through search engines, noting that fake support numbers are often used in fraud attempts.

Singapore Approval Adds to Robinhood’s Asia Push

While the phishing warning circulated, Robinhood has been moving forward with its Asia-Pacific plans. As we reported, the company said the Singapore approval covers brokerage services and reflects the regulator’s view that a licence may be issued if specified conditions are met and no material adverse developments arise. Robinhood added that the approval does not itself amount to a full licence.

Robinhood said that, if a full licence is later granted, its Singapore business would be able to offer brokerage services including securities and exchange-traded derivatives, along with custody, product financing and collective investment funds. The company also described Singapore as its Asia-Pacific headquarters, while noting that Bitstamp Asia Pte. Ltd., its subsidiary in the region, already holds a Major Payment Institution licence from MAS for digital payment services.

That combination places Robinhood in a position where its corporate expansion and its platform-security perception are being watched at the same time. The warning from Schwartz did not address Robinhood’s Singapore operations directly, but it arrived during a week when the company was trying to show progress in a tightly regulated market that places a premium on operational controls and customer protection.

The post Ripple CTO David Schwartz Warns Robinhood Users Over Phishing Emails as Exchange Expands in Singapore appeared first on CoinCentral.