
EPISODE · Dec 7, 2025 · 30 MIN

The HubSpot Hack | The SaaS Backdoor to Bitcoin - ft. Scott Kisser (CISO, Swan Bitcoin)

from The CISO Signal: True Cybercrime Podcast · host Jeremy Ladner

When attackers breached HubSpot in March 2022, they weren’t after HubSpot at all. They were after the customers of its customers.

Crypto firms like Trezor, BlockFi, and Swan Bitcoin suddenly saw their users targeted by near-perfect phishing emails designed to steal recovery seeds and drain wallets. And just weeks later, another SaaS provider, Klaviyo, was hit the same way. The message was clear: You can defend your castle… but attackers will go after the people guarding your gates.

This week on The CISO Signal | True Cybercrime Podcast, we dissect the SaaS-supply-chain breach that shook the crypto world and the coordinated response that stopped it from becoming a full-scale disaster.

🎙 Guest CISO Co-Host: Scott Kisser
Chief Information Security Officer – Swan Bitcoin
Former security leader at Salesforce, DocuSign, Amazon, and F5.

Scott takes us inside the incident response:
• How a single phished employee put the SaaS ecosystem at risk
• Why crypto companies were the downstream target
• The race to warn customers before attackers drained wallets
• How CISOs must rethink vendor access and trust assumptions
• Why no major funds were stolen — and why that victory matters

This wasn’t a tale of ransomware, it was a breach of trust. And a reminder that SaaS is now part of every organization’s attack surface.

🔍 Episode Topics
• Vendor compromise → internal tool access → crypto user phishing
• The human element behind SaaS security
• What leadership communication looks like when trust is shaken
• The new rules of defending against third-party attack vectors

🏴‍☠️ Key Players
• HubSpot — initial breach vector
• Klaviyo — second SaaS compromise
• Trezor & Swan Bitcoin — downstream targets
• Crypto customers — the true victims
• CISOs — left to restore confidence & reshape strategy

💡 Takeaway for CISOs
“You’re only as strong as the SaaS identities you can’t see.”

🧩 About The CISO Signal
Hollywood-style storytelling meets real cybersecurity lessons. Every episode, CISOs break down the world’s most notorious cyberattacks — what happened, what broke, and what must change.

Subscribe & ring the bell so you never miss an investigation. 🛎️ 👉 @thecisosignal

📣 Connect with Us
🌐 Website: thecisosignal.transistor.fm
🔗 LinkedIn: linkedin.com/company/the-ciso-signal

Subscribe & share to stay ahead of the world’s most sophisticated cyber threats.

🔥 Hashtags
#CISOSignal #HubSpotBreach #Klaviyo #SaaSSecurity #CryptoSecurity #SupplyChainAttack #SocialEngineering #Phishing #SecurityPodcast #TrueCybercrime #ScottKisser #SwanBitcoin #Trezor



Frequently Asked Questions

How long is this episode of The CISO Signal: True Cybercrime Podcast?

This episode is 30 minutes long.

When was this The CISO Signal: True Cybercrime Podcast episode published?

This episode was published on December 7, 2025.


Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.
