Phishing Alert: Blockstream Customers Targeted by Mail Scam
Users of Jade Wallet, a popular non-custodial storage for Bitcoin (BTC) and Liquid assets, are suffering from a dangerous scam. Jade’s creator Blockstream has already stated that the recipients of strange letters should not open any links in them.
Do not fall for this scam: No emergency update from Blockstream
Today, Oct. 21, 2023, the owners of Jade Wallet by the leading Bitcoin (BTC) development studio Blockstream started receiving alert letters. Their authors alleged that the Jade hardware wallet was exploited and Blockstream issued an emergency firmware release.
A phishing email is being sent out impersonating Blockstream. As we investigate, please remember:
1️⃣ DO NOT click on any suspicious emails claiming to be from Blockstream. Blockstream will NEVER ask for personal information via email.
2️⃣ NEVER enter your seed phrase online or…
— Blockstream (@Blockstream) October 21, 2023
To download the upgraded software, users are asked to click on the red button in the letter. However, Blockstream has nothing to do with this campaign: The malefactors are spreading phishing links via an email scam. Fortunately, they did not manage to hack Blockstream’s mail server: The fake alerts are sent from a third-party domain that is not associated with Blockstream.
A few hours ago, Blockstream representatives issued a warning to recall basic security rules while an investigation is underway:
A phishing email is being sent out impersonating Blockstream. As we investigate, please remember: DO NOT click on any suspicious emails claiming to be from Blockstream. Blockstream will NEVER ask for personal information via email. NEVER enter your seed phrase online or share it with anyone, even if they claim to be from the Blockstream support team
Also, they stressed that all upgrades should only be downloaded from the official Blockstream website, and not from links in emails.
The message from Blockstream was already retweeted by its CEO Dr. Adam Back, a prominent cypherpunk.
However, the community of Jade users is enraged. The users of the sophisticated hardware wallet suspect that Blockstream leaked their data to scammers. At least some of them stated that the email address used by scammers was only shared with Blockstream.
Seasoned crypto users recalled the December 2020 attack on Ledger that resulted in thousands of email addresses being leaked.
Also, some tech-savvy crypto enthusiasts noticed that the scammers might be abusing the Network For Good Software service for SMEs in order to organize such a massive campaign.
The same attackers might be behind the fraud of FTX investors (via a fake “debtors campaign”) and other dangerous crypto scams.