Blockstream sounds the alarm on new email phishing campaign

Blockstream, an infrastructure and hardware wallet provider, issued a informing astir a caller email phishing run attempting to people Blockstream Jade hardware wallet users.

The institution confirmed connected Friday that it ne'er sends firmware files done email and said that nary information has been compromised successful the attack.

Phishing attacks are designed to bargain crypto and delicate idiosyncratic accusation done seemingly morganatic communication. According to Blockstream, the email featured a elemental connection directing users to download the latest mentation of Blockstream Jade wallet firmware by clicking connected a link, which was malicious.

Source: Blockstream

Phishing scams cost crypto users implicit $12 million successful August and affected implicit 15,000 victims — a 67% summation from July, according to anti-scam work Scam Sniffer.

As phishing campaigns and different crypto scams summation successful complexity and diversity, crypto users indispensable workout a heightened consciousness of consciousness and instrumentality online information measures to support their funds and delicate accusation from theft.

Related: Crypto thefts deed $163M successful August arsenic hackers displacement strategy

Staying harmless amid a rising menace scenery

Crypto users lost implicit $3.1 billion owed to scams and hacks successful the archetypal fractional of 2025, a crisp emergence from 2024, according to a report from blockchain information steadfast Hacken.

Phishing scams are designed to drawback users disconnected defender by cloaking malicious links designed to bargain information successful messages disguised to look similar they are from reputable crypto companies.

Typically, this involves a lawsuit work email sent to the people informing of an imminent relationship closure, theft, cybersecurity breach oregon immoderate different issue, and demanding a user’s backstage keys oregon passwords to hole the problem.

Users tin avoid phishing scams by double-checking URL addresses to guarantee that websites are legitimate. 

Scammers volition often make URLs that are astir identical to morganatic crypto websites, with 1 oregon 2 tiny errors, specified arsenic including oregon excluding periods oregon substituting the missive “o” with the fig zero and vice versa.

Users should besides bookmark trusted pages alternatively of typing successful the URL into the hunt barroom manually oregon relying connected hunt engines. Even paid advertisements thrust to the apical of fashionable hunt motor sites similar Google tin beryllium scams.

Other bully practices see avoiding clicking links from chartless senders altogether, utilizing a virtual backstage web (VPN) to disguise IP addresses and locations, and checking emails and websites for spelling oregon grammatical mistakes. 

Magazine: $55M DeFi Saver phish, copy2pwn hijacks your clipboard: Crypto Sec