Blockstream Jade Security Disclosure
**TL;DR:**
**Vulnerability:** A buffer overflow bug in Jade hardware wallet firmware (versions 1.0.24-1.0.36) that could allow malware on a connected computer/phone to crash the device or potentially extract the user's private keys.
**Practical implications:**
- **Only exploitable if:** The device is connected via USB/Bluetooth to a malware-infected computer AND the device was unlocked on that interface
- **Not vulnerable:** QR-only mode, uninitialized devices, or devices used with the official Blockstream app on clean devices
- **No known exploits** in the wild
- **Fix:** Update to firmware 1.0.38+ immediately (includes anti-rollback protection)
- **Worst case:** Attacker could theoretically steal private keys if sophisticated malware was present


Blockstream
Jade Security Disclosure
This disclosure gives more context on the Jade firmware vulnerability and information for our users on how to upgrade and stay safe.
