Massive PoisonSeed Phishing Campaign Seeks Extensive Crypto Theft
Threat actors steal credentials to gain persistent access to the compromised account.
Mass email sending services were used for the mass distribution of crypto seed phrase-containing messages, aimed at compromising Coinbase and Ledger cryptocurrency wallets.
According to BleepingComputer Mailchimp, SendGrid, Mailgun, HubSpot, and Zoho accounts were accessed as part of the widespread PoisonSeed campaign, which has already impacted the Mailchimp account of Have I Been Pwned administrator Troy Hunt and certain Coinbase users last month.
After pilfering credentials from high-value customer relationship management and bulk email platform users, duped by seemingly…
