Threat actors steal credentials to gain persistent access to the compromised account.
Bulk email-sending services were abused to mass-distribute messages containing attacker-supplied cryptocurrency wallet seed phrases, in a campaign aimed at taking over Coinbase and Ledger cryptocurrency wallets.
According to BleepingComputer, Mailchimp, SendGrid, Mailgun, HubSpot and Zoho accounts were accessed as part of the widespread PoisonSeed campaign, which last month also hit the Mailchimp account of Have I Been Pwned administrator Troy Hunt and a number of Coinbase users.
After stealing credentials from high-value users of customer relationship management (CRM) and bulk email platforms, who are duped by seemingly legitimate phishing emails, the threat actors export the victims' mailing lists and generate new API keys. Because an API key keeps working independently of the stolen password, this gives them persistent access to the compromised account.
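The pattern described above (a freshly minted API key followed within minutes by an audience export, from a source address the account has never used) is exactly what an account owner should be hunting for in the platform's audit trail. The following is an added detection example, not code from the article or from any of the named vendors; the audit-event format, field names and sample events are constructed and generic, not Mailchimp's, SendGrid's or anyone else's real schema.

```python
"""Flag new-API-key -> list-export chains in a generic (constructed) SaaS audit log.

Added example: the JSON event schema below is hypothetical, not a vendor format.
"""
import json
from datetime import datetime, timedelta

# Constructed sample events. Two accounts: one shows the PoisonSeed-style chain
# from an unfamiliar IP, the other a routine key rotation and a much later export.
SAMPLE_LOG = """
{"ts": "2025-04-02T08:55:10Z", "actor": "marketing@example.com", "action": "login", "ip": "203.0.113.10"}
{"ts": "2025-04-02T09:01:44Z", "actor": "marketing@example.com", "action": "api_key.create", "ip": "198.51.100.77", "key_id": "k_9f1"}
{"ts": "2025-04-02T09:03:02Z", "actor": "marketing@example.com", "action": "audience.export", "ip": "198.51.100.77", "list_id": "L42"}
{"ts": "2025-04-03T10:15:00Z", "actor": "ops@example.com", "action": "api_key.create", "ip": "203.0.113.10", "key_id": "k_0a2"}
{"ts": "2025-04-03T18:40:00Z", "actor": "ops@example.com", "action": "audience.export", "ip": "203.0.113.10", "list_id": "L7"}
"""

# Constructed baseline of source IPs each actor normally logs in from.
KNOWN_IPS = {
    "marketing@example.com": {"203.0.113.10"},
    "ops@example.com": {"203.0.113.10"},
}


def parse_events(text):
    """Parse one JSON object per line into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.strip().splitlines():
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def find_persistence_chains(events, known_ips, window_minutes=30):
    """Return one finding per (API key created -> audience exported) chain by the
    same actor within window_minutes. Severity is 'high' when the export came
    from an IP outside the actor's baseline, 'low' otherwise."""
    window = timedelta(minutes=window_minutes)
    findings = []
    for key_event in (e for e in events if e["action"] == "api_key.create"):
        for export in events:
            if (export["action"] == "audience.export"
                    and export["actor"] == key_event["actor"]
                    and key_event["ts"] <= export["ts"] <= key_event["ts"] + window):
                baseline = known_ips.get(export["actor"], set())
                findings.append({
                    "actor": key_event["actor"],
                    "key_id": key_event["key_id"],
                    "list_id": export["list_id"],
                    "ip": export["ip"],
                    "severity": "high" if export["ip"] not in baseline else "low",
                })
    return findings


if __name__ == "__main__":
    for finding in find_persistence_chains(parse_events(SAMPLE_LOG), KNOWN_IPS):
        print(finding)
```

When a chain like the marketing account's turns up, the response is to revoke every API key you did not create yourself, not just the flagged one, and to reset the password; changing the password alone leaves the attacker's key valid.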
According to an analysis from SilentPush, the emails instruct recipients to "migrate" their wallet and supply the seed phrase to use. Because the attackers generated that phrase, any wallet created from it is one they already hold the keys to, so funds moved into it can be taken at will. The researchers advise users to ignore urgent email requests of this kind and to verify any such alert directly with the platform named in the email, rather than through links in the message.
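Why importing someone else's seed phrase hands them the wallet comes down to determinism: BIP39 maps a mnemonic to a master seed, and BIP32 maps that seed to a master key, with no randomness at either step, so whoever wrote the phrase can derive the same keys as the person who imports it. The block below is an added illustration, not code from the article or from SilentPush; it uses only the Python standard library, and the "phished" phrase is the published BIP39 test vector, not a real victim's phrase.

```python
"""Added example: a seed phrase received in an email is a wallet the sender controls."""
import hashlib
import hmac
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed = PBKDF2-HMAC-SHA512(NFKD(mnemonic), "mnemonic" + NFKD(passphrase), 2048 rounds, 64 bytes)."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, 64)


def bip32_master_key(seed: bytes):
    """BIP32: HMAC-SHA512 keyed with "Bitcoin seed"; left half is the master private key, right half the chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def same_wallet(phrase_a: str, phrase_b: str) -> bool:
    """True when two mnemonics yield the same master private key, i.e. the same wallet."""
    key_a, _ = bip32_master_key(bip39_seed(phrase_a))
    key_b, _ = bip32_master_key(bip39_seed(phrase_b))
    return key_a == key_b


# The phrase the "migration" email hands to the victim (public BIP39 test vector).
PHISHED_PHRASE = "abandon " * 11 + "about"
# A phrase the victim would have generated on their own device (another public test vector).
SELF_GENERATED_PHRASE = "legal winner thank year wave sausage worth useful legal winner thank yellow"


if __name__ == "__main__":
    # The attacker's copy of the phrase and the victim's freshly imported copy agree bit for bit.
    print("attacker == victim:", same_wallet(PHISHED_PHRASE, PHISHED_PHRASE))
    # A phrase only the victim has ever seen gives a different wallet.
    print("phished == self-generated:", same_wallet(PHISHED_PHRASE, SELF_GENERATED_PHRASE))
```

The practical check is the converse: a seed phrase is only yours if your own wallet software generated it on your device and nobody else has ever seen it. Anything that arrives by email, chat or a support call is, by construction, already known to the sender.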
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.