In addition to gaining access to email contacts and phone numbers, the scammers involved in this incident have managed to obtain the shipping addresses of certain victims, according to the investigation. Despite the fact that this attack was reported a week ago, customers of Jade Wallet are strongly advised to remain vigilant.
Blockstream, the official producer, has stated that the data of Blockstream’s Jade Wallet users may have been compromised, either through a breach or a leak from a third-party shipping provider. Blockstream Store has also issued a warning, suggesting that malefactors may have accessed telephone numbers and shipping addresses.
In an effort to keep you informed about the phishing campaign that has targeted Blockstream Store customers and several other ecosystem companies, we are sharing our findings. Our investigation points to the possibility that customer data was exposed due to a breach or a leak from a third-party shipping provider. This incident has raised concerns…
Meanwhile, it’s crucial to note that private keys and wallet addresses have not been exposed to the attackers, ensuring the safety of all funds. Nevertheless, users are strongly advised to exercise caution and avoid opening any links from messages claiming to be from Blockstream.
Furthermore, Bitcoin wallet producers are urging their customers to refrain from entering seed phrases on third-party websites, even if the requests appear to be from Blockstream.
The Blockstream team is actively collaborating with industry colleagues to address the situation. However, the challenges posed by the nature of shipping services make finding a simple, robust solution a complex task.
As previously reported by U.Today, on October 21, 2023, users of Blockstream’s Jade Wallet began receiving letters that purported to offer an “emergency update” to enhance wallet security following the discovery of a vulnerability. Unfortunately, this campaign was orchestrated by scammers seeking to steal private keys and users’ Bitcoin holdings.
Some victims have shared that Blockstream was the only company with which they had shared their affected email addresses. In light of the investigation results, members of the Jade Wallet community seem dissatisfied with the company’s response.
Several users argue that Blockstream should enhance its security measures, with one expressing disappointment in the company’s data security practices and the use of drop shippers for the Jade product. Notably, Bitcoin veteran and host of the Magic Internet Money podcast, Brad Mills, has called on Blockstream to promptly notify all customers about the ongoing scam campaign.