If you recently received an email from “River Financial” asking you to update your user agreement or hop on a call, there’s a solid chance it wasn’t from River Financial at all. Fraudulent emails impersonating the Bitcoin-focused financial services firm are circulating, employing urgency-laced language designed to prompt immediate action.
The emails reportedly prompt recipients to take immediate action, either by clicking through to update agreements or by scheduling a call with what appears to be a company representative.
How the scam works
Scammers craft emails that mimic the visual identity and tone of River Financial, a US-based Bitcoin brokerage and custody platform founded in 2019 by Alex Leishman and Andrew Benson.
Clicking through likely leads to a phishing page designed to harvest login credentials, personal information, or both. The “schedule a call” variant adds a human element, potentially connecting victims with a live scammer who can extract even more sensitive data through conversation.
River Financial itself has not been compromised. The company’s legitimate operations, which emphasize full-reserve policies and Bitcoin-only services, remain intact. This is a case of brand impersonation, not a platform breach.
Why Bitcoin platforms are prime targets
Phishing scams impersonating cryptocurrency platforms have been increasing in frequency. Bitcoin holders represent an attractive target for scammers because crypto transactions are generally irreversible. Once funds leave a wallet, there’s no bank to call and no chargeback to file.
River Financial has positioned itself as a more institutional-grade, trust-focused platform, having received early-stage investment from firms like Polychain Capital. Its emphasis on education and security makes the impersonation particularly ironic, and potentially more dangerous, because users may associate the brand with trustworthiness and let their guard down.
River has previously provided educational resources to help users recognize fraudulent communications. The standard advice applies here: check the sender’s email address carefully, don’t click links in unexpected emails, and navigate directly to the company’s website by typing the URL manually. If an email creates a sense of panic or urgency, that itself is a red flag.
What investors should watch for
Legitimate companies almost never ask you to update agreements via email links with urgent deadlines. They don’t cold-schedule calls to discuss your account. And they certainly don’t threaten consequences for inaction in the way that phishing emails typically do.
Enable two-factor authentication on every platform you use, preferably with a hardware key or authenticator app rather than SMS. Use unique, strong passwords for each service. And if you receive a suspicious email, forward it to the company’s official support channel rather than engaging with anything in the email itself.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

1 hour ago
17









English (US) ·