Blockstream has issued a critical security warning regarding a new phishing campaign targeting users of its Jade hardware wallet. The fraudulent emails are meticulously crafted to mimic official Blockstream communications, specifically promoting a fake firmware update for the Jade device. These messages contain links directing recipients to a malicious website designed to harvest sensitive information, including private keys and recovery phrases.
Security analysts note that the campaign employs advanced social engineering tactics, with emails featuring professional branding and language nearly identical to legitimate Blockstream notifications. The malicious site replicates Blockstream’s official interface, further enhancing its deceptive appearance.
Blockstream emphasizes that it never distributes firmware updates via email links and advises users to exclusively use the official Blockstream Green application for all wallet management and update procedures. The company recommends immediate deletion of any suspicious emails and encourages verification through official support channels before engaging with any update notifications.
This incident underscores the persistent threats facing cryptocurrency users and highlights the importance of rigorous security practices, particularly regarding hardware wallet management. Users are reminded to enable all available security features, including two-factor authentication and physical verification steps on their devices.
