• Hackers are targeting business CRM accounts to steal mailing lists
• Emails used to send spam and trick people into setting up compromised crypto wallets
• The goal is to steal the money, so be on your guard

Hackers are stealing mailing lists from major companies and using them to break into people’s cryptocurrency wallets and snatch their funds.

A new report from cybersecurity researchers Silent Push, who dubbed the campaign ‘PoisonSeed’, outlined how the criminals first set up spoofed landing pages for companies such as Coinbase, Ledger, Mailchimp, SendGrid, Hubspot, and others. They harvest people’s login credentials, which allow cybercriminals to log into mailing service accounts and exfiltrate any mailing lists.

Then they would send emails, impersonating those companies, and urging users to set up a new Coinbase Wallet, using the seed phrase embedded in the email. A seed phrase is a series of 12 to 24 words generated by the wallet that gives access to the funds inside. It acts as a master key, so anyone who has it can restore the wallet and control the cryptocurrencies inside.

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

View Deal

Seed phrase poisoning attack

"Recipients of the bulk spam are targeted with a cryptocurrency seed phrase poisoning attack," Silent Push explained.

"As part of the attack, PoisonSeed provides security seed phrases to get potential victims to copy and paste them into new cryptocurrency wallets for future compromising."

Once users set up new wallets, and top them up with their funds, the criminals can simply send the money elsewhere, which is a permanent loss for the victims.

The researchers believe the campaign is the work of two “loosely aligned” threat actors, called Scattered Spider, and CryptoChameleon, both of which are reportedly part of a broader cybercrime ecosystem called The Com.

Since cryptocurrency is permissionless and decentralized, once the funds are sent from one wallet to another, the only way to retrieve them is to have the other side send the money back.

In 2024, the US government has seized tens of millions of dollars' worth of crypto, as part of a broader investigation into market manipulation, theft, fraud, and more.

Via The Hacker News

You might also like

• Hundreds of masterminds behind most pump-and-dump crypto coin schemes worldwide collect a staggering $250 million annually
• We've rounded up the best password managers
• Take a look at our guide to the best authenticator app