Blockstream Issues Alert Over Fake Email Phishing Campaign Targeting Hardware Wallet Users
Blockstream issued an pressing safety alert warning customers a few subtle phishing marketing campaign concentrating on Jade {hardware} pockets homeowners by means of faux firmware replace emails.
The firm confirmed no information was compromised, however emphasised it by no means sends firmware information by way of electronic mail communications.
Bitcoin developer Jimmy Song first reported the malicious emails, which declare to supply Jade firmware updates whereas directing customers to obtain information from suspicious domains.
The rip-off emails seem to originate from unrelated entities like restaurant managers, elevating questions on how attackers obtained person electronic mail addresses.
The warning comes as crypto phishing assaults surge dramatically, with August losses reaching $12 million, affecting over 15,000 victims, a 67% improve from July.
The first half of 2025 noticed whole crypto crime losses exceed $3.1 billion, with phishing scams accounting for $410 million throughout 132 separate assaults.
Sophisticated Email Campaign Exploits Hardware Wallet Trust
The fraudulent emails masquerade as reliable Blockstream communications, instructing customers to obtain firmware updates by clicking on malicious hyperlinks.
Security consultants warn that the faux firmware probably redirects funds to attacker-controlled addresses as soon as put in on {hardware} gadgets.
Blockstream thanked Jimmy Song for the preliminary alert and reiterated its coverage of by no means distributing firmware by means of electronic mail channels.
The firm directed customers to observe official Twitter accounts @Blockstream and @BlockstreamJade for verified updates and communications.
Phishing Alert
We’ve been made conscious of faux emails claiming a “Jade firmware replace.”
1⃣ This was not despatched from Blockstream.
2⃣ Blockstream won’t ever electronic mail you firmware information.
3⃣ No information has been compromised.Don’t Trust. Verify.
Please observe @Blockstream and… pic.twitter.com/59ymAZ6NDB
— Blockstream (@Blockstream) September 12, 2025
Community members famous inconsistencies inside the rip-off emails, together with mismatched model numbers and suspicious sender domains.
One significantly regarding instance confirmed emails originating from “General Manager of Adelphia Restaurant” directing downloads from “getbento.com” domains.
The concentrating on of {hardware} pockets customers represents a big escalation in phishing sophistication.
Hardware wallets historically present enhanced safety in comparison with software program alternate options, making their compromise significantly damaging to person funds and confidence.
The exact mechanism by which attackers obtained person electronic mail addresses stays unclear, with group members questioning potential information breaches or social engineering campaigns.
Blockstream has not disclosed the supply of the e-mail leak or supplied particulars about affected person databases.
Crypto Crime Reaches Record Levels Amid Advanced Attack Methods
August 2025 recorded the second-highest monthly crypto crime whole this yr, with $310 million stolen throughout varied exploits, based on CertiK analysis.
Phishing incidents dominated losses at $293 million, together with two large assaults stealing $238 million in Bitcoin and $55 million in DAI stablecoin.
More disturbing, simply yesterday, a new cross-platform malware, referred to as ModStealer, was found.
This subtle malware targets 56 browser-based pockets extensions throughout Windows, macOS, and Linux programs whereas evading conventional antivirus detection by means of JavaScript-based distribution strategies.
The malware is distributed by means of a faux job recruiter advert marketing campaign, much like this phishing marketing campaign, concentrating on victims on a big scale.
Notably, North Korean state-sponsored teams have been concerned in a big a part of these felony actions, leading to $1.6 billion in losses, which represents 70% of the total losses in H1 2025.
The infamous Lazarus group performed the biggest single hack in crypto historical past, stealing $1.46 billion from Bybit in February.
Infrastructure assaults dominated the menace panorama, accounting for over 80% of stolen funds by means of non-public key compromises and front-end exploits.
These assaults averaged ten occasions bigger than protocol-based vulnerabilities, with social engineering and insider entry regularly enabling large breaches.
In an interview with Cryptonews, Crystal CEO Navin Gupta warns that trendy scammers exploit psychological manipulation by means of ways that embody urgency, authority, and familiarity.
How are scammers stealing billions in crypto? We sat down with @CrystalPlatform CEO Navin Gupta as he breaks down the psychology, AI-powered ways, and the #1 mindset shift that would stop most fraud.#CryptoScam #Deepfakehttps://t.co/9WQQvGSuED
— Cryptonews.com (@cryptonews) June 24, 2025
AI-powered personalization additionally allows attackers to craft convincing messages utilizing leaked information and behavioral profiling, making detection more and more tough for victims.
Protection methods embody verifying all communications by means of official channels, avoiding email-based software program downloads, and implementing {hardware} safety keys as an alternative of SMS-based two-factor authentication.
Gupta significantly suggested to “assume each unsolicited message is a possible assault. That psychological shift alone filters out 80% of menace vectors. If somebody reaches out with urgency, secrecy, or flattery — cease. Your greatest protection is deliberate doubt.”
Users are urged to bookmark reliable web sites quite than counting on engines like google and stay skeptical of unsolicited communications claiming pressing safety updates.
The submit Blockstream Issues Alert Over Fake Email Phishing Campaign Targeting Hardware Wallet Users appeared first on Cryptonews.
