Blcokstream Green wallet seems unaffected.
But if you’re using Jade, get on the security fix IMMEDIATELY. 
Login to reply
Replies (79)
One hundred percent chance of bullshit, friend. They want your seed words.
🎣
Restore wallet on Web based platform. Lol no.
Just bizarre. Bizarre.
FUCK. Fuck fuck.
Just checked the sender and it is a scam. I’m not a HW customer but do get these type emails occasionally.
I saw the Jade info being shared by others showing compromising info so timing seemed relevant.
I was so intent on helping without doing what I always do and check sender/block.
I have egg on my face & entire body at the moment. Go about your days. I will be flogging myself most of the day.
You don’t need that hardware device, we’ll keep your funds safu for you on this random website you’ve never heard of… 
👆DISREGARD
I’M A FUCKING MORON.
OR MAYBE I’M JUST POINTING OUT THAT HUE SHOULD ALL BEWARE OF PHISHING SCAMS.
CHECKS NOTES: NOPE, I’M A FUCKING MORON.
@nobody
Did this come with a link to an external site? I do not use this wallet. I am not able to see where the scam is unless there might be a fraudulent site set up to capture seed phrase. @El_monty @The Daniel 🖖
Well, at least you didn’t share the link 😬
It did come with a link not shared.
No link but a click here box which I would never click.
I will go back to punching myself now for sharing anything.
Lol
That’s absolutely what it was. Did you look up the domain name to see who runs it? What was the email domain of the sender?
Thanks for the concern though!
Dude why are you posting this phishing scam. 😂
I just saw this…..
Listen friend….
No one is perfect………
Your intent was righteous……
Don’t beat yourself up for this!
I’m ashamed to show the email domain as I always check this shit because I do get phishing stuff occasionally. This time I didn’t and moved too quick to think I was helping.
But to add to my embarrassment, here is the sender email: glas@vhlgroep.nl
I will be in the quad later. Please bring small rocks & sticks to throw and hit me with. Thx.
Nope. I will beat myself up and do expect others to add to the punishment.
I’m moving too fast today. Saw it, reacted quickly for my peeps that may use Blockstream.
Please let me die in peace. People make mistakes.
No links shared & sender blocked, memory holed forever. 
You should immediately open a support ticket with @Blockstream and send them the entire email including the headers so they can investigate it.
Nope. I deserve worse than that.
Two coffees in and I’m moving too fast.
Will do. @Adam Back coming your way.
@Pablo Xannybar shared another vulnerability yesterday that I will send as well.
Some good coming out of bad🤷🏻♂️
Move fast & break things.
Go get a third
BTW, VHL Groep is a store in the Netherlands that sells window shades. Clearly they are diversifying. 🤣
🤔I heard they have a great product. 😱
Yes. Lol. Yes.
Or simply spoofed. The headers will reveal that.
Sorry fren, I disagree!
There was zero intent on your part to mislead others.
We are all human and are not perfect.
I love this community in part because they have common sense in many areas of their lives!
Hope you didn’t loose any coins.
Sounds like someone has learned an important lesson today.
PSA:
Don't open emails about "security"
Any vulnerabilities will always be disclosed on official public communication channels.
Email is dead, never use it as a primary source.
View quoted note →
😂👏👍
Sharing news too quickly is not good.
I click no links to anything, ever, and protect my coins like I would a baby.
@Pablo Xannybar sharing a Jade vulnerability yesterday & then this email from “Blockstream” caught me off guard.
I screen shot/shared without normal due diligence.
Won’t happen again.
Verify before acting, always.
It also smells like a scam
It gets worse. Keep reading.
💀💀💀 this is totally phishing scam looking for you to enter your seed phrase comon this isn't 2011
It is. Link not shared.
> tfw Ledger tried to actually do this
View quoted note →
🤔
Did I share a Jade vulnerability? Pretty sure I only posted about mining with it.
But don't sweat it man we all make mistakes. The difference is only that on Nostr you can't delete them.
Hover over it so the URL shows then take a screenshot/photo.
Srsly on Twitter people would listen to me for security advice, one night I tweeted some offhand assumptions just as passing thoughts, people took them as warnings, turns out they were all totally incorrect. So people first thanked me for the warning then accused me of spreading FUD.
Luckily the devs understood the original tone of the tweets as passing thoughts and assumptions and held no ill will, but I still felt shitty for how they were misinterpreted.
Just to share that I made a similar mistake as well. Difference is I could delete it the next day.
I learned my lesson then. Sometimes you gotta learn the hard way.
Besides in this case you didn't share the phishing link and your intention was to help people. So no harm done, you were tryna look out for people, and you learned a lesson for the future.
Don't beat yourself up about it man.
These scams always hit hardest by timing. For example if you just used your credit card in a different city and then by coincidence right after you get a phishing email that looks like it came from your bank, the seeming urgency disengages prudence.
They smart.
🙏my brother from another mother.
The infantilized hand-holding by government and Big Tech primes the population for the greatest scam of them all: the CBDC.
Worse?
Just confirmation of scam worse. I meant for me as in, wait till you read more responses.
Nobody got hurt. all good.
Yeah no way anyone here on Nostr is gonna get hurt by your post brotha 💜🫂🤝
Yup. No link shared. Goal was more fyi but I acted too quickly as it was bogus. I usually don’t. I was off my A game earlier.
I’m back.
Seriously don't beat yourself up about it, that's all an ego game anyways.
You provided a benefit just by having this conversation out loud.
Absolutely a scam!!
@nobody, Curious…where did you see this “security advisory/alert”.
@Blockstream, could you chime in here on this “security advisory” please.
Email. I have mult email addresses and know that one was “exposed” at one point.
I get some phishing at times on it.
I misread this one for several reasons. Biggest is moving too fast. Saw it, immediately screen cap & share as warning. Shared With no links or anything by design, just as fyi.
Egg on face but all good.
if this is real... really disapointed with their communication.
Nothing on their channels, or blog, or website.
No. Scam. All good.
You know what got me initially on this one. Got me meaning for a few minutes, enough to share. The email was worded so well. Usually these scams are full of misspellings and grammar issues.
AI is now here and Phishing.
I can relate. I have an Apple family set up on my iPhone. I got an email the other day with a receipt from apple confirming a purchase of a game or a movie, I can’t remember which one. I asked all my kids and wife if they made the purchase. They all said no. I was so pissed that my kids probably purchased a game or movie and just didn’t want to tell me so I clicked on the link in the email to log into my apple account with my apple ID.
It all looked legit from apple. I logged in with my credentials and I even entered my Apple Card credentials as well! After realizing that my kids were telling the truth, I started looking more into the email address that contacted me as well as the site I was directed to via the email. The email address was not an apple address…and the website only had one clickable link. THEY GOT ME!
Because I was acting in haste I didn’t do my normal due diligence and my normal routine to verify if the email was legit, which it wasn’t. It was a typical phishing scam. I immediately changed my Apple ID and I requested new numbers (which can be done with a click on the iPhone) for my Apple Card.
A few hours later I noticed several failed purchase attempts on my Apple Card. The scammer was attempting to use my card information to make large purchases online. It was good I caught this fast enough.
Lesson learned is don’t allow your anger/haste of seeing a family member making a purchase from a shared account without your permission cause you to act quickly to reverse the charge. After all, the game or movie was only a few dollars. I wound up not losing anything except a few minutes of my time that it took to change my Apple ID and my Apple Card information.
I get those too from Apple and have done the exact same thing without going as far as the link clicking.
I’ve literally conditioned my brain to not click links.
I’d rather type the name of something into Brave and go from there to log into something.
My kids & wife were like I was attacking the thermostat setting (which I do constantly too). A house at 68 when it’s 90 outside is fuckin freezing. My daughter argues back while wearing a sweatshirt in the house. 🤷🏻♂️
You’re better than me. When it’s 90 or better outside I keep the thermostat at 72. Still freezing and quite noticeably cooler when you come in from a nice run or bike!
That’s my setting too. 100%.
Head outside to get some shit done and the wife/daughter down click/hold. Eventually there it is at 68.
The battle is real.
😂 verify
Whoopsie
That you can't delete notes on Nostr is cool in some situations...
In others...:
@nobody got duped by a phishing campaign, posted on Nostr, realized it and commented below the original note.
But can't delete it so note still gets boosted 9 hours later. On the other hand a good example of verify first.
View quoted note →
But I’ve also posted this before. 😅🚀🤦♂️🫡📽️👀🥹😘🔥🙏😱 
i will not say bitcoins 😂😂😂
That’s the best.
I don’t have a problem with “bitcoins” and I don’t understand why people do
I could say i have a lot of bitcoin or a lot of bitcoins. The first one could be .5 btc but the second must be multiple whole coins
When a full bitcoin wasn't worth much it was normal to say it in plural
Bitcoin is the plural of bitcoin.
It’s moose. Not mooses.
Deer not deers.
Nah
Go to bed
Beds. Plural please.
Have mercy, he doesn't like to check.
View quoted note →