Blockstream Warns Users of New Phishing Campaign

Blockstream, an infrastructure and hardware wallet provider, issued a warning about a new email phishing campaign targeting Blockstream Jade hardware wallet users.

The company confirmed on Friday that it never sends firmware files through email and stated that no data has been compromised in the attack.

Phishing attacks are designed to steal crypto and sensitive user information through seemingly legitimate communication. According to Blockstream, the email featured a simple message directing users to download the latest version of Blockstream Jade wallet firmware via a malicious link.

Source: Blockstream

Phishing scams cost crypto users over $12 million in August and affected over 15,000 victims — a 67% increase from July, according to the anti-scam service Scam Sniffer.

As phishing campaigns and other crypto scams increase in complexity, users must exercise heightened awareness and take safety measures to protect their funds and sensitive information from theft.

Related: Crypto thefts hit $163M in August as hackers shift strategy

Staying Safe Amid a Rising Threat Landscape

Crypto users lost over $3.1 billion due to scams and hacks in the first half of 2025, a sharp rise from 2024, according to a report from blockchain security firm Hacken.

Phishing scams are designed to catch users off guard by cloaking malicious links in messages that appear to be from reputable crypto companies. This typically involves a customer service email warning of an imminent account closure or theft, demanding the user’s private keys or passwords to fix the ‘problem’.

Users can avoid phishing scams by double-checking URL addresses to verify website legitimacy. Scammers often create URLs that resemble legitimate crypto websites, with minor errors. Users should also bookmark trusted pages instead of typing URLs in search bars and avoid clicking links from unknown senders.

Other good practices include using a virtual private network (VPN) to mask IP addresses and checking emails and websites for spelling or grammatical mistakes.

Magazine: $55M DeFi Saver phish, copy2pwn hijacks your clipboard: Crypto Sec