PoisonSeed Exploits CRM and Email Marketing Accounts To Target Crypto Accounts

Threat actors have been targeting CRM and email marketing service users since March 2025 to get access to their email lists and send phishing campaigns from their accounts.

First shared by Silent Push analysts, this campaign was dubbed PoisonSeed. The main objective is to send recipients of the bulk spam a cryptocurrency seed phrase to steal the victims’ digital assets.

The companies that have been targeted include Coinbase and Ledger (crypto companies), Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho.

The spam campaigns sent from the accounts on these platforms primarily target individual crypto holders.

The attacks involve lookalike pages for well-known CRM and email service companies, aiming to trick high-value targets into providing their credentials.

Once the credentials are obtained, the threat actors create an API key to ensure uninterrupted access, even if the victim resets their password.

That’s only phase one.

Afterward, the cybercriminals export the mailing lists and send spam from those compromised accounts.

These spam messages inform users they need to set up a new Coinbase Wallet using the seed phrase embedded in the mail, which will be then used by the attackers to hijack the compromised accounts and transfer the funds from the compromised wallets.

PoisonSeed is just one of the many supply chain attacks that have already been deployed in 2025 (and supply chain attacks are just one of the many methods hackers are using to hack into people’s accounts).

So, we need to be more careful than ever when doing anything online.

It’s also essential to use online security software to protect yourself, from VPN services to antiphishing tools and antiviruses.

Although 2025 is set to be one of the years with the highest level of cybercrime, it’s possible to stay safe by following best practices and using the best software.