Robinhood users are confronting a new phishing campaign that rides on Gmail’s native dot alias feature and weaknesses in the platform’s account-creation flow. The emails, which appear to originate from Robinhood’s mail server, warn of an unrecognized device login and direct recipients to malicious sites via a deceptive call-to-action button.

Early reports on social media show users receiving messages that look like legitimate Robinhood alerts. The attackers exploit Gmail’s dot-insensitivity to register nearly identical-looking accounts, then leverage a flaw in Robinhood’s onboarding flow to inject forged content into the automated emails. The result is an email that can slip past common defenses and prompt a user to click through to a phishing page.

Key takeaways

• The attack leverages Gmail’s dot alias behavior to route phishing emails to a target’s inbox by creating Robinhood-style accounts that differ only by a dot in the address.
• Fraudsters embed HTML instructions in the optional “device name” field during Robinhood’s account creation, which Gmail treats as formatting, enabling a seemingly legitimate email with a malicious phishing link.
• The forged message can pass standard email authentication (SPF, DKIM, DMARC), making the email appear trustworthy and increasing the likelihood of a click on the phishing button.
• Victims are at risk mainly if they enter credentials on the fake site; the mere visit does not grant access, but credential input can lead to account compromise.
• Robinhood confirmed that the incident involved abuse of the account creation flow, not a breach of its systems or customer accounts, and no personal data or funds were reported as impacted.

The exploitation mechanics

Experts describe a two-pronged method that underpins the campaign. First, scammers create Robinhood accounts using email addresses that differ only by the presence or absence of a dot in Gmail’s address handling, such as “jane.smith@gmail.com” versus “janesmith@gmail.com.” In the eyes of Robinhood, these are distinct accounts, but Gmail routes mail to the same inbox, enabling fraudsters to seed legitimate-looking communications under a target’s actual address.

Second, attackers exploit the account-creation flow by injecting HTML into the optional “device name” field. Gmail interprets field content as formatting, allowing a phony email to contain a credible header and a convincing call to action. The crafted email can pass SPF, DKIM, and DMARC checks, making it appear as though it truly originates from noreply@robinhood.com. When a recipient clicks the phishing button, they are taken to a counterfeit login page designed to harvest credentials.

Robinhood’s response and user guidance

Robinhood’s official stance was communicated through its support account on X, which acknowledged that some users received a falsified email from “noreply@robinhood.com” with the subject line “Your recent login to Robinhood.” The company attributed the issue to an abuse of the account-creation flow and stressed that there was no breach of Robinhood’s systems or customer accounts, and that personal information and funds were not impacted.

“This phishing attempt was made possible by an abuse of the account creation flow. It was not a breach of our systems or customer accounts, and personal information and funds were not impacted. If you received this email, please delete it and do not click any suspicious links. If you have clicked a suspicious link or have any questions about your account, please contact us directly within the Robinhood app or website.”

Security researchers emphasize prudence: users should avoid clicking unfamiliar links, delete suspicious messages, and contact official Robinhood channels for account questions. The episode also underscores the need for vigilance around onboarding flows and the resilience of email authentication measures, which attackers now appear capable of circumventing in targeted contexts.

Industry context and what’s next

The phishing wave hitting Robinhood arrives amid a broader trend in crypto-security risk. Hacken, a blockchain security firm, reported earlier this month that phishing and social engineering dominated crypto attacks in the first quarter of 2026, accounting for about $306 million in losses. The finding highlights a persistent vulnerability vector in the crypto ecosystem, where attackers increasingly blend social manipulation with technical exploits to bypass conventional safeguards.

For investors, traders, and builders, the episode reinforces several practical considerations. Platforms must tighten onboarding checks to prevent impersonation through dot aliases or other address-equivalence tricks, while improving email authentication and leveraging behavioral signals to distinguish genuine messages from forged ones. Users should practice heightened skepticism with any alert that requests action within a financial app, especially when a message prompts credential input or redirects to a login page. Enabling two-factor authentication, staying within official apps or websites for sign-in, and cross-checking any unusual activity with direct support channels become critical defensive habits in this environment.

Looking ahead, observers will be watching how Robinhood and other platforms shore up their onboarding processes and email security controls. Investigators will also assess whether additional victims were targeted and whether similar dot-alias techniques are leveraged in other services. For now, the incident serves as a pointed reminder that even well-known fintech apps remain vulnerable to technically simple yet highly effective social engineering plays when combined with misconfigurations in onboarding flows.

Readers should watch for updates from Robinhood on account-flow protections and for guidance from security researchers on mitigations that can be deployed both by platforms and by users to reduce exposure to this evolving tactic.

XRP finally gave way at $1.40, and the way it broke matters more than the move itself. This wasn’t a slow drift lower. It was a high-volume push that cleared a level buyers had defended for weeks. Once that kind of support goes, it usually doesn’t snap back quickly. It tends to flip, and that’s exactly the test now.

News Background

• Bitcoin dominance pushed toward 60%, reinforcing a rotation out of altcoins and limiting follow-through demand for XRP.

• The multi-month triangle structure that had been compressing price finally resolved, with the move breaking lower instead of triggering the expected upside expansion.

Price Action Summary

• XRP dropped from $1.44 to $1.39, breaking cleanly through the $1.40 support zone.
• The move was driven by a sharp spike in participation, not thin liquidity.
• Price is now stabilizing just below the breakdown level, trading in a tight $1.39–$1.40 range.

Technical Analysis

• The key shift is structural. $1.40 was support, now it’s resistance unless reclaimed quickly.
• Volume expanding into the breakdown confirms real selling pressure, not just positioning noise.
• The triangle pattern that held price for weeks has resolved lower, removing the compression support.
• Short-term bounces are showing up, but they’re reactive, not strong enough to reverse the move yet.

What traders should watch

• $1.40 is now the pivot. Reclaim it with volume, and the breakdown starts to look like a fakeout.
• $1.37 is the next downside level. Losing that opens the path toward deeper support near $1.31.
• If price keeps holding below $1.40, sellers stay in control and rallies are likely to get sold.

Canada has advanced a bill to block cryptocurrency donations in federal elections, pushing tighter controls on how political funding is handled.

According to Canada’s House of Commons, Bill C-25, known as the Strong and Free Elections Act, cleared its second reading on Friday, allowing lawmakers to move the proposal to committee for detailed review and possible amendments.

Tabled on March 26, the bill would bar political parties and candidates from accepting crypto contributions, with regulators identifying digital assets as a gap in existing campaign finance rules. Lawmakers backing the measure have linked the restriction to concerns around verifying the source of funds and enforcing contribution limits under current law.

No timeline has been set for the committee stage, leaving the pace of further progress dependent on parliamentary scheduling.

The decision to restrict crypto in elections is unfolding alongside efforts to define how digital assets fit within the financial system. Regulators have been working on stablecoin oversight frameworks that would expand the role of the central bank while refining rules for custody, investment funds, and storage practices.

Policy direction has taken shape under Prime Minister Mark Carney, who has previously expressed skepticism toward cryptocurrencies. Despite that, Canadian authorities have continued to build a structured regulatory approach, separating financial system integration from political use cases where tighter limits are now being proposed.

Crypto donations face growing scrutiny across democracies

Debate around crypto-linked political funding has intensified beyond Canada, with similar concerns raised in other jurisdictions. In the United Kingdom, the Joint Committee on the National Security Strategy warned in its March 18 report that cryptocurrency donations pose risks to transparency and national security due to difficulties in tracing their origin.

The UK committee called for an immediate halt to such donations until clearer rules are introduced, citing the possibility of foreign actors attempting to influence political outcomes. Lawmakers also proposed stricter disclosure thresholds and stronger penalties tied to foreign funding violations.

Republican US Senator Thom Tillis said he won’t support the Senate’s crypto market structure bill unless it includes ethics provisions limiting how White House officials can use crypto.

“There has to be ethics language in the bill before it leaves the Senate, or I’ll go from one of the people working on negotiating it to voting against it,” Tillis told Politico on Monday.

Democratic Senator Ruben Gallego said that there is “no final bill — there is no final movement — unless there is a bipartisan agreement when it comes to the ethics provision.”

Tillis, who is retiring early next year, is a senior member of the Senate Banking Committee, which is key to advancing the Senate bill. The House passed a version of it, called the CLARITY Act, in July.

Thom Tillis, pictured at a meeting in 2024, says he won’t support a crypto bill without an ethics provision. Source: City of Greenville, North Carolina

The bill carves up crypto regulation between the Commodity Futures Trading Commission and the Securities and Exchange Commission and has been plagued by delays as lawmakers and lobbyists seek to add provisions on ethics and stablecoin yield payments.

Democratic lawmakers have heavily criticized the Trump family’s expanding crypto businesses and have sought to use the bill to crack down on a perceived conflict of interest.

Related: Canada advances bill to ban crypto political donations

Now, lawmakers are reportedly saying talks on the ethics provisions are moving forward, but it’s not clear what the language will be.

“We’re making progress,” Democratic Senator Adam Schiff told Politico. “We have been talking for a long time without making much progress, and now that other parts of the bill are starting to come together, we’re narrowing our differences.”

Schiff said earlier this year that Democrats want “a ban on sponsoring, endorsing or issuing digital assets that applies to all federal employees,” including the president, who has backed a memecoin and non-fungible tokens bearing his name and likeness.

Magazine: Will the CLARITY Act be good — or bad — for DeFi?

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

Solana validator clients Anza and Firedancer have introduced a test version of Falcon, a post-quantum signature solution built to prepare the network for future quantum risks.

The update comes as blockchain developers assess how quantum computers may affect public-key cryptography. Falcon aims to give Solana a ready option if stronger quantum protection becomes needed.

Anza and Firedancer said Falcon was designed for high-throughput blockchain use. The teams said it can be activated “if and when the time comes,” referring to the possible point when quantum computers can break current encryption systems.

Jump Crypto, the team behind Firedancer, said Falcon-512 offers the smallest signature among post-quantum signature standards selected by the U.S. National Institute of Standards and Technology. Smaller signatures may help Solana protect speed, bandwidth, and storage efficiency.

Jump Crypto says performance should remain stable

The teams said the migration process would be manageable and fast when required. They also said network performance should not face a major change from the shift.

“The migration work is manageable, the transition can happen quickly when the time is right, and network performance is not expected to see a meaningful impact,” the announcement said.

Jump Crypto added that Falcon signature verification is not hard to implement. It also said signing happens off-chain, which may reduce pressure on Solana’s network during normal activity.

Moreover, Anza and Firedancer said they researched post-quantum tools separately before reaching the same view. Both teams agreed that Solana needs a clear quantum readiness path before any future threat becomes active.

The two clients have already added early Falcon versions to their GitHub repositories. Data from Anza’s GitHub account shows work on Falcon has been underway since at least Jan. 27, 2026.

Quantum concerns continue across crypto

Falcon is not the first quantum-related tool in the Solana ecosystem. Blueshift’s Winternitz Vault has offered optional quantum security on Solana since January 2025, but it is not a protocol-level upgrade.

The wider crypto sector continues to debate quantum threats. Google and California Institute of Technology researchers recently said useful quantum computers may arrive sooner than earlier estimates. Google also claimed such systems may one day break Bitcoin cryptography within ten minutes.

However, some industry figures have played down the near-term risk. Blockstream CEO Adam Back said current quantum computers remain “essentially lab experiments” and argued that a real threat may still be decades away.

Robinhood users are being warned about a new phishing attack that takes advantage of Gmail’s native “dot alias” feature and flaws in Robinhood’s account creation process to send malicious emails.  

Robinhood users on Sunday began reporting on social media of emails originating from the platform’s mail server warning of an unrecognized device login, which linked to phishing websites in the “call to action” button.

Source: David Gobaud

Alex Eckelberry, a cybersecurity researcher and tech CEO, said the phishing campaign wasn’t the result of a hack but instead exploited a native Gmail characteristic that ignores dots in an email address, as well as a “couple of terrible holes” in Robinhood’s account setup.

It comes after blockchain security company Hacken reported earlier this month that phishing and social engineering attacks dominated crypto attacks in the first quarter of 2026, accounting for $306 million in losses.

Source: Alex Eckelberry

Hackers created fake Robinhood accounts

Eckelberry said the scam relied on fraudsters creating an account on Robinhood with an email closely mimicking their target’s email address. 

For example, a Robinhood user could have an email address such as “jane.smith@gmail.com.” The scammer would create a new Robinhood account with an email without the dot in the middle, such as “janesmith@gmail.com.”

While Robinhood would treat them as completely separate accounts, Gmail ignores dots in the username part of an email address. This means scammers could prompt Robinhood to automatically send emails intended for their fake account, but have them arrive in their target’s inbox instead. 

To get a phishing link into the automated email sent when a new Robinhood account is created, the scammers would then add HTML instructions to the optional “device name” field on Robinhood, which Gmail treats as formatting instructions. 

Source: Abdel

“The result is a real email from “noreply@robinhood.com” that passes SPF, DKIM, and DMARC. It looks completely legitimate but now contains injected fake warning text and a working phishing button. Clicking the button leads to a fake login site,” Eckelberry said. 

The email is only dangerous if information is added

Visiting the fake login website alone isn’t enough for hackers to gain access to an account, Eckelberry said, but entering sensitive information such as passwords could allow bad actors to do so.

Related: Robinhood Q4 earnings miss as crypto revenues decline

Robinhood’s support account on X posted a statement on Monday confirming that some users received a falsified email from “noreply@robinhood.com” with the subject line “Your recent login to Robinhood” and blamed the issue on an exploit of the “account creation flow.”

“This phishing attempt was made possible by an abuse of the account creation flow. It was not a breach of our systems or customer accounts, and personal information and funds were not impacted,” they said.

“If you received this email, please delete it and do not click any suspicious links. If you have clicked a suspicious link or have any questions about your account, please contact us directly within the Robinhood app or website.”

Magazine: Should users be allowed to bet on war and death in prediction markets? 

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

Two of Solana’s most-used validator clients have implemented a test version of a new post-quantum signature solution, Falcon, to help prepare the Solana network for future quantum threats.

In an announcement on Monday, Anza and Firedancer said Falcon is built for “high-throughput blockchain use” and that it can be activated “if and when the time comes” — an apparent reference to Q-Day, the point at which quantum computers become powerful enough to break public-key encryption.

“The migration work is manageable, the transition can happen quickly when the time is right, and network performance is not expected to see a meaningful impact.”

Source: Solana Foundation

Concerns that quantum computers could eventually break blockchain cryptography have fueled worries about private keys and wallet security, prompting broader debate over how the sector should prepare as the technology develops.

One of those concerns has revolved around building quantum solutions that don’t impair blockchain performance by increasing bandwidth and storage.

To address that issue, Jump Crypto, the crypto infrastructure platform behind Firedancer, said Falcon-512 was built to generate the smallest signature currently among the US National Institute of Standards and Technology’s selected post-quantum signature standards.

It added that Falcon signature verification is “not complex to implement” and that signing is executed off-chain.

Solana ecosystem aligned with quantum plan

Anza and Firedancer said they independently researched quantum solutions and both concluded that quantum readiness is necessary before agreeing to build Falcon.

Both validator clients have implemented an initial version of Falcon in their GitHub repositories.

Data from Anza’s GitHub account shows that the development team has been working on Falcon since at least Jan. 27, 2026.

Falcon isn’t the first quantum solution floated in the Solana ecosystem.

Blueshift’s Winternitz Vault has offered quantum security to Solana since January 2025, though it was designed as an optional add-on for users and thus isn’t a protocol-level upgrade.

Related: Google targets 2029 post-quantum migration as threats draw nearer

The push comes as Google and California Institute of Technology researchers said last month that functional quantum computers could arrive sooner than expected and that they require far less computing power to break cryptography than previously thought.

Google even claimed that quantum computers could potentially break Bitcoin’s cryptography within ten minutes, allowing hackers to perform an “on-spend” attack.

However, Blockstream CEO Adam Back said current quantum computers are “essentially lab experiments” and that no real threat will emerge for decades.

Magazine: Bitcoin may take 7 years to upgrade to post-quantum: BIP-360 co-author

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

Bitcoin has been rejected at $79,000 three times in eight sessions. The level is now defining the range.

Bitcoin traded at $76,923 on Tuesday morning, down 2.4% over 24 hours after climbing to $79,399 on Monday and reversing through the day. Ether fell 3.7% to $2,290, XRP slipped 3.2% to $1.39, Solana dropped 3.9% to $84.10, and BNB declined 1.8% to $625. The whole top 10 closed red on 24 hours outside Tron and Dogecoin.

Brent crude rose 1% to above $109 a barrel, extending its rally to a seventh day after Iran’s interim deal proposal to reopen the Strait of Hormuz failed to advance over the weekend. The White House said US officials were discussing the latest Iranian proposal but maintained “red lines” on any deal to end the eight-week war.

The MSCI Asia Pacific Index was little changed, with Japanese stocks supported by the Bank of Japan’s 6-3 split decision to keep policy unchanged. The yen strengthened 0.3% to around 159 per dollar.

Two readings of the bitcoin tape are circulating among market analysts.

Mike Novogratz of Galaxy Digital said in a note that US retail investors have returned to the market and the combination of retail demand, institutional capital, and limited supply creates the foundation for further upside. Santiment data shows whales accumulated more than 40,000 BTC over the past two weeks, and the firm flagged a sharp shift in sentiment from fear to fear-of-missing-out over a short period.

Analysis firm CryptoQuant takes the opposite view. Founder Ki Young-Ju said in an X post that bitcoin’s push above $79,000 was driven primarily by a short squeeze in the derivatives market rather than sustained spot demand, and that large-scale short covering leaves the market vulnerable to a reversal once the squeeze exhausts.

Funding rates on perpetual futures across major exchanges remain negative on a 7-day basis at -0.13% per Coinglass, meaning shorts are still paying longs to hold positions, the pattern that historically precedes both squeezes and the unwinding of squeezes.

The two views are not mutually exclusive. Spot demand from retail and institutions can be returning at the same time that the rally toward $79,000 was front-loaded by short covering. The test is whether the next attempt at the level brings fresh spot bids or runs out of shorts to squeeze.

Corporate accumulation continues regardless. Strategy bought $3.9 billion of bitcoin in April per Bloomberg, the firm’s largest monthly accumulation in a year.

Japanese company Metaplanet announced a $50 million bond issuance Tuesday to finance new bitcoin purchases, the latest in a series of yen-denominated debt deals the firm has used to build one of the largest corporate bitcoin treasuries outside the US.

The week’s catalysts arrive Wednesday and Thursday.

The Federal Reserve announces its policy decision Wednesday with traders pricing higher odds of a rate cut after the Justice Department closed its probe into Fed Chair Jerome Powell.

Megacap tech earnings from Alphabet, Microsoft, Amazon, and Meta on Wednesday and Apple on Thursday represent roughly a quarter of the S&P 500’s market capitalization.

Either the Fed or a strong earnings beat could provide the catalyst needed to push bitcoin through $80,000. Without one, the third rejection from the level starts to define the upper end of the range rather than precede a breakout.

Bitcoin miner MARA Holdings launched the MARA Foundation on Monday to support the health of the Bitcoin network and the communities that rely on it as a tool for financial sovereignty.

The MARA Foundation said it plans to implement measures to “harden Bitcoin against security threats,” including quantum computing, while also expanding access to self-custodial Bitcoin (BTC) and offering a range of educational resources, MARA said after announcing the new foundation at the Bitcoin 2026 conference in Las Vegas on Monday.

It also plans to support the “development of a robust and healthy fee market for Bitcoin transactions,” it said. 

“We believe Bitcoin embodies the most powerful tool for financial sovereignty, economic resilience, and human freedom in the world,” the Bitcoin miner said, explaining its commitment to protect the “core properties that make Bitcoin sound, durable money.”

Source: MARA Holdings

MARA’s commitment to Bitcoin comes as corporate Bitcoin miners have expanded into AI and high-performance computing in search of higher-revenue opportunities. Bitcoin hashrate, a measure of the computational power employed by miners to secure the Bitcoin network, has fallen 28.8% since September. 

MARA has a $100,000 contribution to send out

The newly formed MARA Foundation is set to start with a $100,000 contribution fund and is asking the public to vote on which of three Bitcoin companies should receive the funds. 

The three candidates are the open-source Bitcoin mining platform 256 Foundation, the Latin American Bitcoin education platform Libreria de Satoshi and SafeNet, a Bitcoin-powered, community-operated wireless network serving underprivileged communities.

Related: Vitalik Buterin outlines quantum resistance roadmap for Ethereum

MARA said one of the foundation’s missions is to enable “financial sovereignty worldwide,” particularly in the “Global South” — mostly Africa and Latin America — where “Bitcoin is being used as a tool to escape financial oppression in jurisdictions affected by hyperinflation, confiscatory policy, and restrictions on financial freedom.”

“We are committed to supporting communities using Bitcoin to expand access to sound money and strengthen local economies,” it added.

MARA also plans to share a range of educational resources with both Bitcoin developers and policymakers.

Magazine: Bitcoin may take 7 years to upgrade to post-quantum: BIP-360 co-author

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.