Blockstream Jade phishing is a malicious email campaign impersonating a firmware update to trick users into downloading a fake update and surrendering keys; Blockstream confirmed it never sends firmware via email and said no user data was compromised. Follow verified update steps to avoid loss.
Scam impersonates Blockstream Jade firmware update to steal keys.
Blockstream confirmed it never distributes firmware files by email and reported no data breach.
Phishing cost crypto users $12M in August; scams and hacks totaled $3.1B in H1 2025 (Scam Sniffer, Hacken).
Blockstream Jade phishing alert: verify firmware updates and protect keys — learn steps to stay safe now.
What is Blockstream Jade phishing?
Blockstream Jade phishing is a targeted email scam that impersonates Blockstream to push a fake firmware update link, aiming to harvest private keys or install malware. Blockstream warned users it never sends firmware attachments by email and confirmed no credentials were compromised in this campaign.
‘,
‘
🚀 Advanced Trading Tools Await You!
Maximize your potential. Join now and start trading!
‘,
‘
📈 Professional Trading Platform
Leverage advanced tools and a wide range of coins to boost your investments. Sign up now!
‘
];
var adplace = document.getElementById(“ads-bitget”);
if (adplace) {
var sessperindex = parseInt(sessionStorage.getItem(“adsindexBitget”));
var adsindex = isNaN(sessperindex) ? Math.floor(Math.random() * adscodesBitget.length) : sessperindex;
adplace.innerHTML = adscodesBitget[adsindex];
sessperindex = adsindex === adscodesBitget.length – 1 ? 0 : adsindex + 1;
sessionStorage.setItem(“adsindexBitget”, sessperindex);
}
})();
How does hardware wallet phishing operate?
Hardware wallet phishing typically uses urgent, legitimate-looking messages to trick recipients into clicking links or opening attachments. Attackers craft URLs nearly identical to official sites, substitute characters (e.g., “0” for “o”), or host malicious payloads on lookalike domains. In this campaign, the email directed users to download a purported Blockstream Jade firmware file that led to a malicious site.
Blockstream warned users about an email phishing campaign falsely offering a Blockstream Jade firmware update; the message linked to a malicious site and did not involve an actual Blockstream firmware release.
Source: Blockstream
Why is this threat significant now?
Phishing volume and sophistication rose in mid-2025. Anti-scam service Scam Sniffer reports phishing scams cost over $12 million in August and impacted 15,000+ victims, a 67% increase month-over-month. Blockchain security firm Hacken recorded $3.1 billion lost to scams and hacks in H1 2025, underscoring elevated risks for hardware wallet users.
‘,
‘
🔒 Secure and Fast Transactions
Diversify your investments with a wide range of coins. Join now!
‘,
‘
💎 The Easiest Way to Invest in Crypto
Dont wait to get started. Click now and discover the advantages!
‘
];
var adplace = document.getElementById(“ads-binance”);
if (adplace) {
var sessperindex = parseInt(sessionStorage.getItem(“adsindexBinance”));
var adsindex = isNaN(sessperindex) ? Math.floor(Math.random() * adscodesBinance.length) : sessperindex;
adplace.innerHTML = adscodesBinance[adsindex];
sessperindex = adsindex === adscodesBinance.length – 1 ? 0 : adsindex + 1;
sessionStorage.setItem(“adsindexBinance”, sessperindex);
}
})();
Verify firmware authenticity before downloading. Check official vendor announcements on validated channels and compare checksum hashes published on the official site. Always download firmware directly from the hardware wallet vendor’s official site or via the wallet’s verified update tool. Never install firmware received via unsolicited email.
Blockstream confirmed it did not distribute firmware by email and stated that no user data was compromised in this phishing incident. The company urged users to follow official update procedures.
If you clicked a malicious link, disconnect the device from the internet, do not enter seed phrases or passwords, and use a clean device to check for unauthorized transactions. Consider moving funds to a new, secure wallet after verifying device integrity.
Look for HTTPS and a valid certificate, but do not rely solely on that. Cross-check the domain against the vendor’s official site, confirm posted checksums, and prefer direct downloads from the vendor’s verified pages or official app.
‘
];
var adplace = document.getElementById(“ads-htx”);
if (adplace) {
var sessperindex = parseInt(sessionStorage.getItem(“adsindexHtx”));
var adsindex = isNaN(sessperindex) ? Math.floor(Math.random() * adscodesHtx.length) : sessperindex;
adplace.innerHTML = adscodesHtx[adsindex];
sessperindex = adsindex === adscodesHtx.length – 1 ? 0 : adsindex + 1;
sessionStorage.setItem(“adsindexHtx”, sessperindex);
}
})();