Blockstream alerts Jade Wallet users to fake firmware update scam

Blockstream warned Jade hardware wallet users about a phishing scam that sends fake emails with claims of a firmware update. The company said it never shares firmware through email and confirmed that no user data was compromised.

Blockstream posted the alert on X and urged users to watch out for fake messages. The company said official firmware updates are only on its GitHub page and website.

Blockstream denies sending firmware update emails

Attackers sent fake emails to users of Blockstream’s Jade hardware wallet, pretending to be the company, and announced a new firmware update that even cited version numbers with download links.

Blockstream looked into the issue and warned users at once. They said their technology is still safe, and the attacks did not compromise any Jade devices. They also told users to download its updates only through Blockchain’s official website or GitHub repository because it never sends them out through email.

Blockstream also advised users on how to protect themselves from similar scams in the future. They said phishing attacks only work because exploiting human behavior is easier than infiltrating devices. So, users should ignore suspicious messages, even if they look professional, and verify the source through trusted channels. If anyone clicks on a link without being 100% sure, just because it looks real, the attacker succeeds, even if the hardware is foolproof. 

Blockchain launched Jade in 2021 for around $65 as an entry-level hardware wallet. The device was more affordable than most advanced cold storage devices and could compete with products such as Ledger and Trezor. For this reason, attackers knew the easiest way to bypass the device’s protection was by going after the owners themselves. 

Phishing scams rise as crypto losses grow 

Scams and hacks made away with more than $3.1 billion in the first half of 2025, according to security company Hacken, and that figure exceeds the total amount lost in 2024. Big hacks, in which Orbit Bridge lost $305 million to hackers in April or where Kraken was hit for $110 million in June, show that the attacks also target established companies and platforms.

As recently reported by Cryptopolitan, August crypto hacks and exploits increased by 15% from July. Over $163 million in digital assets was stolen across 16 incidents.

According to PeckShield, the highlights of August hacks included Turkish exchange BtcTurk, token launchpad ODIN.fun, lending protocol BetterBank, and CrediX Finance.

Cybersecurity firm Cyvers established weird activity involving Ether and other tokens on several blockchain networks in the second week of August. At about 01:20 PM BST, Cyvers’ monitoring systems detected massive Ethereum, Avalanche, Arbitrum, Base, Optimism, Mantle, and Polygon transactions.

Almost immediately, BtcTurk suspended deposits and withdrawals, telling customers a “technical issue” was affecting its hot wallets. They told customers that local currency transfers and trading were operating normallu, but did not disclose the total scale of losses.

They will even use urgent language to scare people and gain access to their wallets once victims follow their instructions. Scammers can also create fake websites resembling official crypto platforms and register look-alike addresses with small changes. They may swap out letters and numbers in the URL, such as replacing the letter “o” with a zero, or leaving out a single dot. 

The scale at which these attacks are growing shows that security in the crypto industry is also about creating awareness and caution for users. This is because even the most secure platforms cannot protect people if they expose their private keys to criminals.

Get up to $30,050 in trading rewards when you join Bybit today