
Bitrefill Hack Linked to Lazarus Group Exposes 18,500 Records

Crypto payments platform Bitrefill has attributed a March 1 cyberattack, which compromised its infrastructure and exposed customer data, to the Lazarus Group. The breach gave attackers unauthorized access to production keys, allowing them to drain funds from hot wallets and retrieve approximately 18,500 purchase records. These records included email addresses, crypto payment details and IP-related metadata, while around 1,000 entries contained encrypted usernames.

By Tristan R.

Senior Author · March 18, 2026


The incident began with a compromised employee laptop, which exposed legacy credentials and enabled attackers to infiltrate internal systems. Once inside, the attackers exploited supply chains linked to gift card inventory and initiated suspicious transactions, prompting the company to take systems offline to limit further damage.

Limited Data Extraction but Ongoing Investigation

The company stated that attackers appeared to focus on crypto balances and operational systems rather than extracting its full database. Affected users have been notified, and investigations are ongoing with support from security teams and law enforcement agencies.

Security Upgrades and Operational Recovery Underway

Following the breach, Bitrefill has enhanced monitoring systems, tightened access controls and conducted external security testing. The firm confirmed it will cover financial losses using operational funds, with most services now restored and running normally.

Disclaimer

This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.
