EPISODE · Dec 7, 2025 · 30 MIN
The HubSpot Hack | The SaaS Backdoor to Bitcoin - ft. Scott Kisser (CISO, Swan Bitcoin)
from The CISO Signal: True Cybercrime Podcast · host Jeremy Ladner
When attackers breached HubSpot in March 2022, they weren’t after HubSpot at all. They were after the customers of its customers.

Crypto firms like Trezor, BlockFi, and Swan Bitcoin suddenly saw their users targeted by near-perfect phishing emails designed to steal recovery seeds and drain wallets. And just weeks later, another SaaS provider, Klaviyo, was hit the same way. The message was clear: You can defend your castle… but attackers will go after the people guarding your gates.

This week on The CISO Signal | True Cybercrime Podcast, we dissect the SaaS-supply-chain breach that shook the crypto world and the coordinated response that stopped it from becoming a full-scale disaster.

🎙 Guest CISO Co-Host: Scott Kisser
Chief Information Security Officer – Swan Bitcoin
Former security leader at Salesforce, DocuSign, Amazon, and F5.

Scott takes us inside the incident response:
• How a single phished employee put the SaaS ecosystem at risk
• Why crypto companies were the downstream target
• The race to warn customers before attackers drained wallets
• How CISOs must rethink vendor access and trust assumptions
• Why no major funds were stolen — and why that victory matters

This wasn’t a tale of ransomware, it was a breach of trust. And a reminder that SaaS is now part of every organization’s attack surface.

🔍 Episode Topics
• Vendor compromise → internal tool access → crypto user phishing
• The human element behind SaaS security
• What leadership communication looks like when trust is shaken
• The new rules of defending against third-party attack vectors

🏴‍☠️ Key Players
• HubSpot — initial breach vector
• Klaviyo — second SaaS compromise
• Trezor & Swan Bitcoin — downstream targets
• Crypto customers — the true victims
• CISOs — left to restore confidence & reshape strategy

💡 Takeaway for CISOs
“You’re only as strong as the SaaS identities you can’t see.”

🧩 About The CISO Signal
Hollywood-style storytelling meets real cybersecurity lessons. Every episode, CISOs break down the world’s most notorious cyberattacks — what happened, what broke, and what must change.

Subscribe & ring the bell so you never miss an investigation. 🛎️
👉 / @thecisosignal

📣 Connect with Us
🌐 Website: thecisosignal.transistor.fm
🔗 LinkedIn: linkedin.com/company/the-ciso-signal

Subscribe & share to stay ahead of the world’s most sophisticated cyber threats.

🔥 Hashtags
#CISOSignal #HubSpotBreach #Klaviyo #SaaSSecurity #CryptoSecurity #SupplyChainAttack #SocialEngineering #Phishing #SecurityPodcast #TrueCybercrime #ScottKisser #SwanBitcoin #Trezor