In a recent and unsettling development, the widely-used non-custodial crypto wallet known as Jade, birthed by the eminent Bitcoin (BTC) development studio Blockstream, has fallen victim to a phishing attack that left its users on high alert.
Jade Wallet users were inundated with scam alert messages, claiming that the Jade hardware wallet had been compromised, prompting the issue of an emergency firmware release. The perpetrator(s) directed users to a red button within the message, ostensibly for an immediate software upgrade. Contrarily, it was later established that Blockstream bore no involvement in this matter.
Blockstream made a public statement on the X platform, denouncing the malefactor behind the phishing emails as an imposter seeking to mimic the respected company. Fortunately, the hacker did not successfully breach Blockstream’s mail server. The phishing emails were dispatched via an unrelated third-party domain.
Blockstream’s Security Recommendations
The ongoing investigations work to unveil the truth, a stern caution has been issued to users: steer clear of suspicious emails claiming association with the blockchain platform. Under no circumstances should users open any of these dubious links or emails. To drive the point home, the wallet’s creators emphasized, “Blockstream will NEVER ask for personal information via email.”
Users were also implored to guard their seed phrases diligently, refraining from sharing them online or with anyone claiming to be from the firm’s support team. Additionally, it was underscored that all updates should be executed through the Green Wallet application or the dedicated firmware website.
Notably, a segment of the sophisticated non-custodial wallet users remains skeptical of Blockstream’s explanation, harboring suspicions that the firm might have inadvertently exposed their data to the perpetrators. These doubters cite that their email addresses were solely in the possession of the platform.
As the crypto landscape 2023 unfolds, security challenges have reached unprecedented levels, with malicious actors exploiting vulnerabilities within various protocols. An in-depth analysis of Q3 revealed staggering losses amounting to approximately $890 million, attributed to several incidents, including rug pulls, hacking attempts, and phishing attacks.