Warning Against Fraudulent Xaman Browser Plugins
Wietse Wind, the founder of Xaman Wallet and a prominent developer in the XRP Ledger community, has issued an urgent warning to users regarding fraudulent browser plugins posing as Xaman extensions. Wind cautioned that no legitimate Xaman Browser plugins exist, labeling all such claims as scams originating from malicious actors.
“DANGER! THERE IS NO Xaman BROWSER PLUGIN! All Xaman browser plugins are FAKE & from SCAMMERS!”
Wind reassured XRP Wallet users that there is no requirement for browser plugins, as every interaction within the XRP ecosystem can be securely conducted through QR codes. He encouraged the community to report any suspicious Xaman plugins they encounter to major web browsers like Chrome and Firefox to mitigate risk.
Official Statements and User Safety
This advisory arises amidst reports of deceptive Chrome extensions that falsely purport to be web versions of the Xaman Wallet, often demanding dubious permissions from unsuspecting users. The official Xaman Wallet Twitter account reiterated this message, emphasizing that their platform does not offer any browser plugins, desktop versions, or associated support through social media or messaging platforms. Instead, users are urged to rely solely on in-app support for assistance.
Moreover, users are advised to safeguard their XRP and assets by avoiding interactions with unsolicited direct messages, unfamiliar links, or emails. Connecting wallets to unverified websites is also strongly discouraged.
Technical Discussions on Multisign Issues
In related discussions, Wind previously addressed a technical issue concerning “nested multisign” amendments aimed at remedying a situation involving a community member who was locked out of their account containing 50,000 XRP due to improper multisign setup. He examined several strategies for overcoming the challenges facing XRPL accounts that become unresponsive if signers alter their key configurations independently.
Although one proposed method involved prohibiting invalid signer setups during transactions, Wind expressed skepticism about its potential effectiveness. Another suggestion was to allow a disabled master key to function as a signer on another’s account, which, while mitigating the immediate issue, contradicts fundamental principles surrounding account states.
Ultimately, the nested multisign strategy, which navigates the signer-of-signer hierarchy and identifies cycles to modify quorums appropriately, emerged as Wind’s preferred solution, preserving the integrity of the definition of “disabled” while restoring access to locked accounts.
