https://www.bleepingcomputer.com/news/security/poisonseed-phishing-campaign-behind-emails-with-wallet-seed-phrases/

A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets.

According to SilentPush, the campaign targets Coinbase and Ledger using compromised accounts at Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho.