todayonchain.com

Bitrefill Discloses Cyberattack, Points to North Korea’s Lazarus Group

Bitcoin Magazine
Bitrefill suffered a cyberattack starting March 1, likely perpetrated by North Korea's Lazarus Group, resulting in stolen funds and limited customer data exposure.

Summary

Crypto e-commerce platform Bitrefill disclosed a cyberattack that began on March 1, originating from a compromised employee laptop. The attackers gained access to legacy credentials, allowing them to steal an undisclosed amount of cryptocurrency from hot wallets and exploit gift card inventory systems. Bitrefill stated it will absorb the losses using operational capital. The breach exposed approximately 18,500 purchase records, including email addresses and cryptocurrency payment addresses, and potentially around 1,000 encrypted customer names. The company emphasized that customer data was not the primary target, as it stores minimal personal data and KYC information is handled externally. Indicators, including malware similarities, reused infrastructure, and on-chain patterns, point toward North Korea’s Lazarus Group as the likely perpetrator. Bitrefill has since restored normal operations after temporarily taking systems offline.

(Source: Bitcoin Magazine)