Blockstream Jade Security Disclosure

https://blog.blockstream.com/jade-security-disclosure/

**TL;DR:**

**Vulnerability:** A buffer overflow bug in Jade hardware wallet firmware (versions 1.0.24-1.0.36) that could allow malware on a connected computer/phone to crash the device or potentially extract the user's private keys.

**Practical implications:**

- **Only exploitable if:** The device is connected via USB/Bluetooth to a malware-infected computer AND was unlocked on that interface

- **Not vulnerable:** QR-only mode, uninitialized devices, or when using the official Blockstream app on clean devices

- **No known exploits** in the wild

- **Fix:** Update to firmware 1.0.38+ immediately (includes anti-rollback protection)

- **Worst case:** Attacker could theoretically steal private keys if sophisticated malware was present

https://stacker.news/items/1350306
