CyberSecurityBoard
Sponsor Register Login

PoisonSeed phishing campaign behind emails with wallet seed phrases

The phishing email includes a Coinbase wallet seed phrase, telling the user to enter it into a new crypto wallet as part of an upgrade or migration. If the victim follows this instruction and transfers their assets into it, they essentially "poison" their wallets, enabling the threat actors to access and drain them. The researchers link the campaign to recent incidents, such as the case of Troy Hunt's Mailchimp account compromise from late last month and an Akamai SendGrid account hack BleepingComputer reported in mid-March 2025, where the legitimate account was used to send out Coinbase seed phrase phishing emails. A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. That is because, when creating a new wallet, the victim isn't using a secure, pre-generated seed phrase from the company (Coinbase) like they are made to believe, but instead using one for a wallet already under the attackers' control. Cryptocurrency wallet users should never use a seed phrase provided by someone else, as a legitimate platform will never send a pre-generated seed phrase.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 04 Apr 2025 16:50:14 +0000


Cyber News related to PoisonSeed phishing campaign behind emails with wallet seed phrases

PoisonSeed phishing campaign behind emails with wallet seed phrases - The phishing email includes a Coinbase wallet seed phrase, telling the user to enter it into a new crypto wallet as part of an upgrade or migration. If the victim follows this instruction and transfers their assets into it, they essentially ...
1 month ago Bleepingcomputer.com
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack - A sophisticated phishing campaign dubbed “PoisonSeed” has emerged targeting customer relationship management (CRM) and bulk email service providers in a concerning supply chain attack. Security researchers have observed the campaign ...
1 month ago Cybersecuritynews.com Scattered Spider
Coinbase phishing email tricks users with fake wallet migration - A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. Instead, the phishing email includes a recovery phrase, which ...
1 month ago Bleepingcomputer.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
1 year ago Techrepublic.com
FreeDrain Phishing Attack Users to Steal Users Financial Login Credentials - Cyber Security News - These initial lure pages-typically a single large image of a legitimate wallet interface-redirect users through a series of hops before eventually reaching a phishing page designed to steal wallet seed phrases. This sophisticated campaign leverages ...
12 hours ago Cybersecuritynews.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com
Hackers Stolen Over $58 Million Crypto Via Malicious Google Ads - Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time. Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. Several techniques ...
1 year ago Gbhackers.com
Lazarus hacked Bybit via breached Safe{Wallet} developer machine - While investigating the attack, crypto fraud investigator ZachXBT discovered links between the Bybit hackers and the infamous North Korean Lazarus threat group after the attackers sent some of the stolen Bybit funds to an Ethereum address previously ...
2 months ago Bleepingcomputer.com Lazarus Group
Spotting Phishing Attacks with Image Verification Techniques - Phishing refers to the tactic used by scammers who impersonate reputable brands and lure victims to click on suspicious links so that they can breach the privacy and sensitive data of individuals. You can call image-based phishing a relatively ...
3 weeks ago Cybersecuritynews.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
1 year ago Hackread.com
Splunk: AI isn't making spear phishing more effective - Despite increased concerns, AI tools won't give adversaries an advantage when it comes to sending effective phishing emails, according to new research by Splunk's Surge security research team. In a blog post Thursday, Tamara Chacon, security ...
1 year ago Techtarget.com
New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys - The cybersecurity researchers at Checkmarx uncovered a series of new supply chain attacks that exploited the Python Package Index (PyPI) in September 2024 using malicious packages to target cryptocurrency wallets. These packages identified as ...
7 months ago Hackread.com
Top Characteristics of a QR Code Phishing Email - As campaigns using QR codes grow in size and complexity it is important to track not just the QR codes themselves, but also the context of the emails delivering the QR codes. Others use images embedded in the email or QR codes rendered from external ...
1 year ago Securityboulevard.com
Navigating the Perilous Waters of Crypto Phishing Attacks - Key Highlights: Check Point Research Unveils Rise in Sophisticated Crypto Phishing: An investigation reveals an alarming increase in advanced phishing schemes targeting a variety of blockchain networks, employing wallet-draining techniques. ...
1 year ago Blog.checkpoint.com
Russian Cyberattackers Launch Multiphase PsyOps Campaign - Russia-linked threat actors employed both PysOps and spear-phishing to target users over several months at the end of 2023 in a multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. The ...
1 year ago Darkreading.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
1 year ago Cyberdefensemagazine.com
Malicious npm and PyPI Pose as Developer Tools to Steal Login Credentials - The researchers noted that the packages employ various exfiltration methods to transmit stolen credentials to threat actors, with react-native-scrollpageviewtest using Google Analytics as its exfiltration channel, while the PyPI packages leverage ...
2 weeks ago Cybersecuritynews.com
Hackers Use Fake DocuSign Templates to Scam Organizations - A surge in phishing attacks that use emails appearing to be from DocuSign is being fueled by a Russian dark web marketplace that has a wide range of take templates and login credentials. Eventually, the search led them to the Russian marketplace, ...
11 months ago Securityboulevard.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media
Nest Wallet CEO Loses $125,000 in Wallet Draining Scam - The co-founder and CEO of a startup cryptocurrency wallet said he lost $125,000 in crypto in a scam, becoming among the latest victims of the growing threat of wallet drainer malware that one cybersecurity firm stole almost $300 million from more ...
1 year ago Securityboulevard.com
Critical Vulnerabilities in Browser Wallets Let Attackers Drain your Funds - Meanwhile, Coin98 Wallet contained a vulnerability allowing attackers to send crafted messages with isDev:true parameter to the Content Script, making the Background Script believe commands came from the legitimate Wallet UI rather than a malicious ...
2 weeks ago Cybersecuritynews.com CVE-2023-40580
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign - A threat actor known for repeatedly targeting organizations in Ukraine with the RemcosRAT remote surveillance and control tool is back at it again, this time with a new tactic for transferring data without triggering endpoint detection and response ...
1 year ago Darkreading.com
Telegram is a Wide-Open Marketplace for Phishing Tools - The encrypted messaging app Telegram has become a veritable marketplace for bad actors who want to launch effective phishing campaigns on the cheap, essentially democratizing the cyberthreat, according to researchers at cybersecurity firm Guardio. ...
1 year ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)