The HubSpot Hack | The SaaS Backdoor to Bitcoin - ft. Scott Kisser (CISO, Swan Bitcoin)
When attackers breached HubSpot in March 2022, they weren’t after HubSpot at all.
They were after the customers of its customers.
Crypto firms like Trezor, BlockFi, and Swan Bitcoin suddenly saw their users targeted by near-perfect phishing emails designed to steal recovery seeds and drain wallets. And just weeks later, another SaaS provider, Klaviyo, was hit the same way. The message was clear:
You can defend your castle…
but attackers will go after the people guarding your gates.
This week on The CISO Signal | True Cybercrime Podcast, we dissect the SaaS-supply-chain breach that shook the crypto world and the coordinated response that stopped it from becoming a full-scale disaster.
🎙 Guest CISO Co-Host: Scott Kisser
Chief Information Security Officer – Swan Bitcoin
Former security leader at Salesforce, DocuSign, Amazon, and F5.
Scott takes us inside the incident response:
• How a single phished employee put the SaaS ecosystem at risk
• Why crypto companies were the downstream target
• The race to warn customers before attackers drained wallets
• How CISOs must rethink vendor access and trust assumptions
• Why no major funds were stolen — and why that victory matters
This wasn’t a tale of ransomware; it was a breach of trust.
And a reminder that SaaS is now part of every organization’s attack surface.
🔍 Episode Topics
- Vendor compromise → internal tool access → crypto user phishing
- The human element behind SaaS security
- What leadership communication looks like when trust is shaken
- The new rules of defending against third-party attack vectors
🏴‍☠️ Key Players
• HubSpot — initial breach vector
• Klaviyo — second SaaS compromise
• Trezor & Swan Bitcoin — downstream targets
• Crypto customers — the true victims
• CISOs — left to restore confidence & reshape strategy
💡 Takeaway for CISOs
“You’re only as strong as the SaaS identities you can’t see.”
🧩 About The CISO Signal
Hollywood-style storytelling meets real cybersecurity lessons.
Every episode, CISOs break down the world’s most notorious cyberattacks — what happened, what broke, and what must change.
Subscribe & ring the bell so you never miss an investigation. 🛎️
📣 Connect with Us
🌐 Website: thecisosignal.transistor.fm
🔗 LinkedIn: linkedin.com/company/the-ciso-signal
Subscribe & share to stay ahead of the world’s most sophisticated cyber threats.