TLDR
- Phishing emails mimic official updates, directing users to malicious websites.
- Blockstream confirms no data breach but urges users to avoid suspicious downloads.
- In H1 2025, phishing scams caused $410 million in crypto crime losses.
- Experts recommend verifying updates only through official channels to stay safe.
Blockstream has issued an urgent warning about a new phishing campaign aimed at users of its Jade hardware wallet. The attack uses fraudulent emails that pretend to offer firmware updates, tricking recipients into downloading malicious files. The company confirmed no data has been compromised, but it emphasized that it never distributes firmware through email. This alert highlights the growing sophistication of crypto phishing attacks, which are increasingly targeting hardware wallet users.
Fake Emails Attempt to Steal Data and Funds
The phishing emails sent to Jade wallet users mimic official Blockstream communications. They claim to offer firmware updates for the wallet but direct users to click on links that lead to harmful websites. Security experts have warned that these files, once installed, could reroute users’ funds to attacker-controlled addresses.
These fake emails have caused concern because they seem legitimate at first glance. The emails were found to come from strange senders, such as the “General Manager of Adelphia Restaurant,” and contained links to domains like “getbento.com.” These inconsistencies have raised questions about how attackers managed to obtain the email addresses of Jade wallet users.
Blockstream confirmed that it never sends firmware updates via email and directed users to check official channels for updates. They also urged users to stay alert and avoid downloading any files from suspicious sources. The company thanked Bitcoin developer Jimmy Song for alerting them to the scam.
Surge in Crypto Crime and Phishing Attacks
Crypto crime has been on the rise in 2025, with phishing attacks being a major concern. Research has shown that phishing scams were responsible for $410 million in losses during the first half of the year. Blockstream’s warning comes amid a broader surge in crypto crime, with phishing scams causing $12 million in losses just last month alone.
The attack on hardware wallet users is particularly worrying. Hardware wallets are typically considered more secure than software wallets, so compromising these devices can have serious consequences. The incident is part of a larger trend of sophisticated attacks that continue to increase in scale and complexity.
In the first half of 2025, the total value of crypto crimes exceeded $3.1 billion. A large portion of these losses came from social engineering attacks and infrastructure hacks. One of the most notable attacks involved the Lazarus group, which reportedly stole $1.46 billion in February. This suggests that organized groups are increasingly targeting the crypto sector.
How Users Can Protect Themselves from Phishing Scams
Experts recommend a few strategies to protect against phishing and other scams. Users should always verify emails and updates through official channels. It’s important not to click on links or download files from unsolicited emails. Furthermore, security experts advise users to use hardware security keys instead of relying on SMS-based two-factor authentication.
As more phishing attacks target hardware wallets, individuals must stay vigilant. Security experts recommend that users assume all unsolicited messages are potentially malicious and adopt a mindset of skepticism. This precaution can help filter out many types of attacks.
Blockstream’s warning about the Jade wallet phishing campaign is just the latest in a series of alerts about growing crypto threats. It’s clear that phishing scams are becoming more sophisticated, and users need to be cautious about where they download files and who they trust.
