Blockstream, a well-known infrastructure and hardware wallet provider, has recently issued a warning about a new email phishing campaign targeting users of its Blockstream Jade hardware wallet. The company confirmed on Friday, September 12, 2025, that it never sends firmware files via email and stated that no data has been compromised as a result of this particular attack.
Phishing attacks are designed to steal crypto assets and sensitive user information through seemingly legitimate communications. According to Blockstream, the deceptive email prompts users to download the latest version of Blockstream Jade wallet firmware by clicking on a malicious link.
The prevalence of phishing scams has been on the rise. Crypto users lost over $12 million in August alone due to such scams, affecting more than 15,000 victims, which represents a 67% increase from July, according to anti-scam service Scam Sniffer. In the first half of 2025, crypto users lost over $3.1 billion to scams and hacks, a sharp rise from 2024, according to a report from blockchain security firm Hacken.
These scams often employ customer service emails that warn of imminent account closure, theft, cybersecurity breaches, or other urgent issues. The emails then request private keys or passwords from users to resolve the purported problem.
To avoid falling victim to phishing scams, users are advised to take several precautions:
Blockstream is actively collaborating with other Bitcoin and cryptocurrency companies to alert them to be vigilant to similar possible breaches. Users who encounter suspicious emails or activity related to this phishing attack are encouraged to send any further information to support@blockstream.com to aid the investigation.
As phishing campaigns and other crypto scams increase in complexity and diversity, it is crucial for crypto users to exercise a heightened sense of awareness and take online safety measures to protect their funds and sensitive information from theft.
