In addition to email contacts and phone numbers, scammers may also know the shipping addresses of some victims, according to the research. As such, even though the attack was reported a week ago, Jade Wallet customers should remain highly vigilant.
Funds are safe, but users may receive more phishing emails, says Blockstream
Blockstream’s Jade Wallet user data may have been exposed by a breach or leak from a third-party shipping provider, the producer’s official statement says. Additionally, Blockstream Store warns that phone numbers and shipping addresses may have also been leaked to bad actors.
At the same time, no private keys or wallet addresses were exposed to the attackers: therefore, all funds are safe. However, users should be vigilant and never open links from messages that were supposedly written by Blockstream.
Additionally, Bitcoin (BTC) wallet makers ask customers to avoid entering seed phrases on third-party websites, including through purported Blockstream requests.
The Blockstream team is collaborating with industry colleagues, but the issue remains challenging due to the nature of shipping services:
Unfortunately, shipping providers inherently need to know shipping information, so there doesn’t seem to be a simple, robust solution to this widespread problem.
As U.Today previously reported, on October 21, 2023, users of Blockstream’s Jade Wallet began receiving letters offering them “an emergency upgrade.” Users supposedly needed it to keep their wallets safe after a vulnerability was found.
However, the campaign was led by scammers looking to steal private keys and Bitcoins (BTC) from users.
Community disappointed by Blockstream response
Some victims announced on social media that Blockstream was the only company they shared affected email addresses with.
As the results of the investigation become known, enthusiasts in the Jade Wallet community do not seem to be very happy with the company’s position.
Some reclaimed that Blockstream should implement better security instruments:
Unfortunately, your data security measures are weak (…) It’s a shame to see that you are using drop shipping for your Jade product. It sounds like a weak lack of apology.
Brad Mills, Bitcoin veteran and host of the Magic Internet Money podcast asked Blockstream will immediately inform all customers about the ongoing scam campaign.
