PANews reported on April 7 that according to Decrypt, cybersecurity experts recently discovered a double malware attack targeting users inside and outside the cryptocurrency industry. In its latest report, cyber intelligence company Silent Push revealed a malicious activity called PoisonSeed, which first forged the login pages of bulk email service providers such as Mailchimp and SendGrid to steal user credentials. The attacker sent a fake email, claiming that the user's account was restricted, tricking them into logging into a high-imitation website. After entering the credentials, the attacker quickly and automatically exported the email subscription list. Subsequently, the attacker used the stolen subscription list to impersonate Coinbase to send phishing emails to the victim's contacts, saying that the exchange "is transitioning to a self-hosted wallet" and attached a 12-word mnemonic phrase to trick users into importing their wallets, but in fact let hackers control their assets.

Troy Hunt, regional director of Microsoft, was attacked due to jet lag and fatigue. Although he changed his password in time, the subscription list of 56,000 users had been stolen. Hunt later said: "This phishing email is cleverly designed. It uses the fear of 'unable to send newsletters' to create a sense of urgency, but it does not exaggerate the threat, which makes it difficult to defend." Although PoisonSeed uses a similar domain name to Scattered Spider and CryptoChameleon organizations that have targeted Coinbase and Ledger users, Silent Push believes that it is an independent attacker behind it.