Ripple CTO names human error top threat to hardware wallet security

TLDR

• Ripple CTO says phishing scams are now the main threat to hardware wallets.
• Fake firmware updates are being used to steal seed phrases from users.
• Phishing attacks surged as more users moved assets to cold storage.
• Coinbase lost $400M to social engineering scams targeting support staff.

With crypto markets under pressure, phishing scams are increasing. Ripple CTO David Schwartz has warned that users of hardware wallets are being targeted more often. Attackers are using fake emails and websites to steal seed phrases. These phrases unlock full access to a user’s funds. As investors shift assets to cold storage, hackers are also shifting focus. The biggest risk right now is not the technology — it’s human error.

Phishing Attacks Focus on Seed Phrases

Ripple CTO David Schwartz recently pointed to a growing trend in phishing scams targeting hardware wallet users. According to Schwartz, attackers are tricking users into typing their seed phrases into fake sites or apps. These seed phrases act as the private keys to crypto wallets, and entering them on any site outside the device itself puts all funds at risk.

Phishing messages often appear as urgent security updates, firmware upgrades, or account verification checks. These are sent via email or direct messages, and sometimes they mimic the look of official wallet providers. Once a user enters the phrase, the wallet can be accessed remotely and emptied within minutes. Schwartz noted that inboxes are being filled with these fake requests, calling the issue urgent.

Cold Storage Is Being Targeted

As market conditions remain uncertain, many investors are choosing to hold their assets in stablecoins and store them in cold wallets. This shift makes hardware wallets a more attractive target for scammers. Unlike hot wallets connected to the internet, cold wallets are usually safer, but only if users never share their seed phrases.

Scammers are aware of this. So instead of trying to break the device or the cryptographic systems, they aim to break the user’s trust. Fake firmware updates and cloned customer service pages are commonly used. Once users are tricked into typing the seed phrase outside the secure environment of the wallet, attackers can take control of the funds.

Social Engineering Remains Crypto’s Biggest Risk

Phishing has become the most effective method of attack in the crypto space. Schwartz explained that these scams don’t attack the code; they attack the person. “The bait is always the same,” he said, referring to the request for the seed phrase outside of the wallet.

This method of fraud is not new, but it continues to cause high losses. Earlier in the year, Coinbase reported losses of around $400 million due to social engineering attacks on its support staff. These attacks did not involve smart contract flaws or blockchain bugs but relied entirely on tricking people into giving access or approving fake requests.

Scammers Use More Advanced Tools

Cybercriminals are using more advanced methods to look legitimate. They now create fake websites that copy the real ones exactly. They also use AI to make fake phone calls sound more real and spoof domains to confuse users. These tools are being used to support phishing attempts and make them harder to spot.

Wallet makers are finding it harder to keep up with these new threats. They advise users never to type seed phrases into any form or website. The device itself is the only safe place to use it. Once the phrase is shared, there is no way to reverse the action or recover the funds.

Human Error Is the Core Problem

According to Schwartz, hardware wallets are secure by design, but they cannot protect against human mistakes. The most common mistake is giving away the seed phrase during a phishing attack. Once that happens, the wallet’s security cannot help.

The main weakness in the crypto space is not the blockchain or wallet software but people being tricked. Schwartz said, “Phishing sidesteps cryptography and exploits trust,” explaining why the issue needs immediate attention from all users.

The post Ripple CTO names human error top threat to hardware wallet security appeared first on CoinCentral.