Following up on our Jade security announcement, and in accordance with industry disclosure standards following exhaustive investigation, below we give more context on the reported security issue, our response to being notified by DARKNAVY, and information for our users on how to upgrade and stay safe.The security of our users' data is of the utmost importance to us. We strive to be completely transparent and open in our dealings, and in this spirit we include a lot of information in this disclosure. We urge all users to review the How To Upgrade section below for details on upgrading and staying safe.Security disclosures can attract attempts by bad actors to confuse users or impersonate legitimate support channels. With this in mind, Please note the following:
- The only legitimate support for Blockstream products is available through https://help.blockstream.com/.
- Blockstream will never ask you to share any private data including your recovery phrase, PIN, or user-identifiable information.
- If you are in doubt about whether a message or link is genuine, please contact us.
- If you receive a suspicious email, message or contact address, or have concerns about security with any of our products, please email security@blockstream.com or DM our Support team on X.
If you only use the official Blockstream app on a malware-free device, then your Jade is not at immediate risk of exploitation from the identified vulnerability. Additionally, if you only use QR mode, then you are not at risk. Note that in both cases, we still recommend that you upgrade as soon as possible.Timeline and Background
Technical Details and Scope
Exploitation Analysis
Actions We Are Taking
How To Upgrade
Summary
Timeline and Background
pull down to refresh
related posts