Blockstream Publishes Phishing Investigation Results
u.today
Besides email contacts and phone numbers, the scammers may also know the shipping addresses of some victims, the investigation says. As such, even though the attack was reported a week ago, Jade Wallet customers should stay super vigilant.
Funds are safe, but users might receive more phishing emails, Blockstream says
The data of Blockstream’s Jade Wallet users may have been exposed by either a breach or a leak from a third-party shipping provider, the producer’s official statement says. Blockstream Store also warns that telephone numbers and shipping addresses may have been leaked to malefactors.
We want to provide you with an update on the phishing campaign targeting Blockstream Store buyers and some other ecosystem companies. Our investigation indicates that customer data may have been exposed by either a breach or a leak from a third-party shipping provider. This leak…
— Blockstream (@Blockstream) October 27, 2023
At the same time, no private keys or wallet addresses were exposed to attackers; as such, all funds are safe. However, users should be vigilant and never open links from messages said to be authored by Blockstream.
Also, the Bitcoin (BTC) wallet's producers ask customers to avoid entering seed phrases on third-party websites, even when the request allegedly comes from Blockstream.
The Blockstream team is collaborating with its colleagues in the industry, but the problem remains challenging due to the nature of shipping services:
Unfortunately, shipping providers inherently need to know shipping information, so there appears to be no simple, robust solution to this generalized problem
As covered by U.Today previously, on Oct. 21, 2023, the users of Blockstream’s Jade Wallet started receiving letters offering them "an emergency update." Allegedly, users needed it to keep their wallets safe after a vulnerability had been found.
However, the campaign was run by scammers who looked to steal private keys and users’ Bitcoins (BTC).
Community disappointed over Blockstream’s response
Some victims announced on social media that Blockstream was the only company with which they had shared the affected email addresses.
Now that the investigation results are out, Jade Wallet community enthusiasts do not seem to be very happy about the company’s position.
Some of them claimed that Blockstream should implement better security instruments:
So unfortunate, your data security measures are weak (…) Shame to see you’re using drop shippers for your Jade product. Sounds like a weak non-apology
Bitcoin veteran and Magic Internet Money podcast host Brad Mills asked Blockstream to immediately inform all customers about the ongoing scam campaign.