A new email campaign for the Jade wallet is actually crypto-stealing malware
Blockstream, the company behind the Jade hardware wallet, has alerted its customers to a new phishing scam designed to steal crypto from unsuspecting users. The warning, issued Friday, highlights an email campaign that falsely claims to provide a firmware update for Jade devices. According to Blockstream, the emails instruct users to download a file from a malicious link, but the company stressed that it never distributes firmware through email.
🚨 Phishing Alert 🚨
We’ve been made aware of fake emails claiming a “Jade firmware update.”
1⃣ This was not sent from Blockstream.
2⃣ Blockstream will never email you firmware files.
3⃣ No data has been compromised.Don’t Trust. Verify.
Please follow @Blockstream and… pic.twitter.com/59ymAZ6NDB
— Blockstream (@Blockstream) September 12, 2025
The firm confirmed that no user data or systems have been compromised, but urged the community to remain vigilant. Phishing attacks, which disguise malicious links and communications to look like they come from legitimate sources, have been a growing threat in the crypto space. Scam Sniffer, an anti-fraud monitoring service, reported that phishing scams drained over $12 million from users in August alone, affecting more than 15,000 victims—a sharp increase from the previous month.
Security experts note that phishing emails often attempt to pressure users with warnings about account closures, hacks, or other urgent issues. These tactics are meant to trick individuals into sharing private keys or downloading harmful software. In this latest campaign, scammers attempted to exploit the trust Jade users place in firmware updates to compromise their wallets.
Reports from blockchain security firm Hacken show the broader context: crypto users lost over $3.1 billion to hacks and scams in the first half of 2025, a steep rise compared to last year. With attacks becoming more sophisticated, Blockstream emphasized the importance of safe online habits.
Users are advised to verify all links carefully, bookmark official websites, and avoid clicking on attachments or links from unknown senders. Small details, like misspelled URLs or altered characters, are common red flags. Additional protections, such as VPNs and careful scrutiny of email language, can further reduce risk.
