Blockstream Issues Alert Over Fake Email Phishing Campaign Targeting Hardware Wallet Users

Blockstream issued an urgent security alert warning users about a sophisticated phishing campaign targeting Jade hardware wallet owners through fake firmware update ￰1￱ company confirmed no data was compromised, but emphasized it never sends firmware files via email ￰2￱ developer Jimmy Song first reported the malicious emails, which claim to offer Jade firmware updates while directing users to download files from suspicious ￰3￱ guys should warn people about this phishing email. I'm guessing the firmware sends funds to some other address. @adam3us @Blockstream ￰4￱ — Jimmy Song (송재준) (@jimmysong) September 12, 2025 The scam emails appear to originate from unrelated entities like restaurant managers, raising questions about how attackers obtained user email ￰5￱ warning comes as crypto phishing attacks surge dramatically, with August losses reaching $12 million, affecting over 15,000 victims, a 67% increase from July.) September 12, 2025 Community members noted inconsistencies within the scam emails, including mismatched version numbers and suspicious sender ￰6￱ particularly concerning example showed emails originating from “General Manager of Adelphia Restaurant” directing downloads from “getbento.

com” ￰7￱ targeting of hardware wallet users represents a significant escalation in phishing ￰8￱ wallets traditionally provide enhanced security compared to software alternatives, making their compromise particularly damaging to user funds and ￰9￱ precise mechanism by which attackers obtained user email addresses remains unclear, with community members questioning potential data breaches or social engineering ￰10￱ has not disclosed the source of the email leak or provided details about affected user ￰11￱ do they know your users email? l — Masunobom (@masunobom) September 12, 2025 Crypto Crime Reaches Record Levels Amid Advanced Attack Methods August 2025 recorded the second-highest monthly crypto crime total this year, with $310 million stolen across various exploits, according to CertiK ￰12￱ incidents dominated losses at $293 million, including two massive attacks stealing $238 million in Bitcoin and $55 million in DAI ￰13￱ disturbing, just yesterday, a new cross-platform malware , called ModStealer, was ￰14￱ sophisticated malware targets 56 browser-based wallet extensions across Windows, macOS, and Linux systems while evading traditional antivirus detection through JavaScript-based distribution ￰15￱ malware is distributed through a fake job recruiter ad campaign, similar to this phishing campaign, targeting victims on a large scale.

Notably, North Korean state-sponsored groups were involved in a large part of these criminal activities, resulting in $1.6 billion in losses, which represents 70% of the total losses in H1 ￰16￱ notorious Lazarus group conducted the largest single hack in crypto history, stealing $1.46 billion from Bybit in ￰17￱ attacks dominated the threat landscape, accounting for over 80% of stolen funds through private key compromises and front-end ￰18￱ attacks averaged ten times larger than protocol-based vulnerabilities, with social engineering and insider access frequently enabling massive ￰19￱ an interview with Cryptonews, Crystal CEO Navin Gupta warns that modern scammers exploit psychological manipulation through tactics that include urgency, authority, and ￰20￱ are scammers stealing billions in crypto?

We sat down with @CrystalPlatform CEO Navin Gupta as he breaks down the psychology, AI-powered tactics, and the #1 mindset shift that could prevent most fraud. #CryptoScam #Deepfake ￰0￱ — ￰21￱ (@cryptonews) June 24, 2025 AI-powered personalization also enables attackers to craft convincing messages using leaked data and behavioral profiling, making detection increasingly difficult for ￰22￱ strategies include verifying all communications through official channels, avoiding email-based software downloads, and implementing hardware security keys instead of SMS-based two-factor ￰23￱ particularly advised to “ assume every unsolicited message is a potential ￰24￱ mental shift alone filters out 80% of threat ￰25￱ someone reaches out with urgency, secrecy, or flattery — ￰26￱ best defense is deliberate doubt. ” Users are urged to bookmark legitimate websites rather than relying on search engines and remain skeptical of unsolicited communications claiming urgent security updates.