BlockStream, an infrastructure and hardware wallet provider, has issued a warning about a new email phishing campaign that attempts to target BlockStream Jade Hardware Wallet users.
The company confirmed on Friday that it would not send firmware files via email, and said it had not damaged the data in the attack.
Phishing attacks are designed to steal cryptographic and confidential user information through seemingly legal communication. According to BlockStream, the email was malicious, featuring a simple message that directs users to download the latest version of BlockStream Jade Wallet firmware.
sauce: Blocked Block Roys
The phishing scam cost over $12 million in August, affecting more than 15,000 victims. According to the anti-Scam service scam sniffer, it has increased by 67% since July.
As the complexity and diversity of phishing campaigns and other crypto frauds grow, crypto users must exercise a growing awareness and take online security measures to protect their funds and confidential information from theft.
Related: A $163 million theft was declared in August as hackers shift their strategy
Stay safe amid increasing threat landscapes
Crypto users lost over $3.1 billion in the first half of 2025 to fraud and hacking, and have risen sharply since 2024.
Phishing scams are designed to catch users off guard by covering malicious links designed to steal data with messages that are disguised to look like reputable crypto companies.
This usually includes customer service emails sent to target alerts for impending account closures, theft, cybersecurity breach or other issues, requiring the user’s private key or password to fix the issue.
Users can avoid phishing by double checking their URL address to ensure that their website is legal.
Scammers create URLs that are roughly the same as legitimate crypto websites. This can use one or two small errors, such as including or exclude periods, or replace the “o” with zeros and vice versa.
Additionally, users should either manually enter the URL into the search bar or bookmark trustworthy pages instead of relying on search engines. Even paid ads can be scam if they hit the top of popular search engine sites like Google.
Other good practices include avoiding links from unknown senders altogether, masking IP addresses and locations using a Virtual Private Network (VPN), and checking emails and websites for spelling and grammar errors.
magazine: $55 million defi saver phish, hijacking copy2pwn clipboard: crypto sec
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
