Fake Firmware Emails Target Blockstream Jade Hardware Wallet Owners

What Happened?

Blockstream, the BTC infrastructure firm founded in 2014 by cryptographer Adam Back, has warned customers about a phishing campaign impersonating its security team. Attackers distributed fake emails urging users of the Jade hardware wallet to download a fraudulent firmware update. The company stressed that firmware is never distributed via email and confirmed that no customer data had been compromised.

Blockstream’s Jade wallet, launched in 2021 and priced around $65, competes with Ledger and Trezor as an entry-level cold storage answer. While the devices are designed to keep Secret keys isolated from online attacks, phishing attempts like this exploit the fragileest link: human trust. In this case, attackers embedded malicious links disguised as firmware upgrades in their emails.

Investor Takeaway

Why It Matters: Rising Crypto Scam Activity

The phishing campaign highlights a broader trend of escalating crypto fraud. According to Scam Sniffer, phishing scams drained $12 million from investors in August 2025 alone, impacting more than 15,000 victims—a 67% jump from July. Hacken estimated $3.1 billion in scams and hacks in just the first half of 2025, already outpacing full-year totals for 2024. By comparison, CertiK reported $1.8 billion in crypto losses for all of 2024.

Major exploits this year include the $305 million Orbit bridge hack in April and the $110 million theft from Kraken’s staking system in June. These incidents underline both the scale and sophistication of attacks across the crypto sector.

How Phishing Schemes Work

Phishing attacks often mimic trusted customer service alerts or security notices, pressuring users to act rapidly. Fraudsters frequently create lookalike websites, swapping letters or symbols to deceive recipients. Victims are tricked into entering sensitive information or downloading malware under the guise of urgent security updates.

Global data shows the scale of the hardy: the FBI’s IC3 logged $3.9 billion in investment fraud losses in 2023, with crypto scams as the leading category. Japan’s National Police Agency also reported record crypto-related fraud of ¥7.7 billion ($51 million) in 2023, underscoring the global reach of these threats.

Investor Takeaway

Blockstream’s Response and Industry Implications

Blockstream urged Jade users to verify URLs, bookmark official websites, and avoid email-based links. It emphasized that official firmware is distributed only via Blockstream’s GitHub repository and verified website. The company said it continues to monitor the situation and confirmed that no Jade devices have been compromised.

Other hardware wallet makers have faced similar issues. Ledger and Trezor both issued advisories this year later than fake support emails targeted their customers. The industry-wide trend reflects how attackers are shifting focus from breaking hardware to exploiting user trust, making phishing one of the most effective attack vectors in crypto security today.