Bitrefill Discloses Cyberattack on March 1, Suspected to Be Carried Out by North Korean Hackers Lazarus Group

Gate News: On March 18, cryptocurrency e-commerce and gift card company Bitrefill disclosed that on March 1, they experienced a cyberattack suspected to be carried out by the North Korea-backed hacking group Lazarus Group. The attack originated from a compromised employee laptop, with hackers stealing some hot wallet funds and making suspicious purchases from their vendors. The attackers also infiltrated Bitrefill’s broader infrastructure, including parts of their databases and certain cryptocurrency wallets, resulting in approximately 18,500 purchase records being accessed. Limited customer information such as email addresses, crypto payment addresses, and IP addresses was exposed. About 1,000 records containing encrypted customer names are at risk of exposure, and the company has contacted the affected individuals. Bitrefill stated that most purchases do not require KYC, and KYC-related data is only held by external providers; the company has no backups of this data. Investigations revealed that the attackers did not extract the entire database but performed limited queries to identify targets for theft, including cryptocurrency and gift card inventories. The company is covering any operational losses and is working with security teams such as zeroShadow and SEAL911. Currently, payment, inventory, and account functions have largely been restored, and sales have returned to normal.