A serious fraud is affecting users of Jade Wallet, a well-known non-custodial storage option for liquid assets and Bitcoin (BTC). Blockstream, the developer of Jade, has previously advised against clicking any links in odd mails.
Do not fall for this scam: No emergency update from Blockstream
Owners of the Jade Wallet created by renowned Bitcoin (BTC) development company Blockstream began getting alarm messages today, October 21, 2023. Their authors claimed that Blockstream released an emergency firmware update after the Jade hardware wallet was allegedly attacked.
https://x.com/Blockstream/status/1715628518435111162?s=20
Users are advised to click on the red button in the mail to download the updated software. Blockstream, however, is unrelated to this campaign: Through an email fraud, the criminals are disseminating phishing links. Thankfully, they were unable to compromise Blockstream’s mail server since the bogus notifications are issued from a different domain that is unrelated to Blockstream.
Representatives of Blockstream have just issued a caution to adhere to fundamental security guidelines while an investigation is ongoing:
Someone is sending out a scam email pretending to be Blockstream. Please bear this in mind while we do our investigation: DO NOT click on any dubious emails purporting to be from Blockstream. Blockstream will NEVER contact you asking for personal information. NEVER reveal or enter your seed phrase online, even if someone claims to be a member of the Blockstream support staff.
Additionally, they emphasised that no updates should be obtained from email links, but only from the official Blockstream website.
Ledger-like scenario?
The CEO of Blockstream and well-known cypherpunk Dr. Adam Back has already retweeted the company’s post.
But the Jade user community is furious. The sophisticated hardware wallet’s customers believe that Blockstream gave their information to con artists by leaking it. At least a few of them claimed that Blockstream was the lone recipient of the email address used by fraudsters.
Experienced cryptocurrency users remembered the Ledger assault in December 2020 that led to the disclosure of thousands of email addresses.
A few tech-savvy cryptocurrency aficionados also observed that the con artists may have abused the Network For Good Software service for SMEs to plan such a sizable campaign.
The same attackers may be responsible for additional risky crypto frauds as well as the FTX investment fraud (via a phoney “debtors campaign”).
