Bitrefill reports Lazarus-style exploit drained funds and exposed some user data
Summary
Crypto-to-gift-card platform Bitrefill disclosed a major cyberattack that occurred on March 1, which it attributes to the Lazarus Group because of strong similarities in tactics. The attackers gained access through a compromised employee device using a legacy credential, which allowed them to extract production secrets and compromise parts of the database and crypto wallets. This led to the draining of company funds and the exploitation of gift card inventory.
The breach affected approximately 18,500 purchase records, exposing customer email addresses, crypto payment addresses, and IP metadata. About 1,000 transactions involving customer names may also have been exposed, though that data was encrypted. Bitrefill confirmed that customer-held gift cards, store credits, and account balances were unaffected, and KYC data is stored externally. The company is working with security firms and law enforcement, plans to cover losses from operational capital, and is implementing enhanced security measures, including automated shutdown protocols.
(Source: Crypto Briefing)