The crypto payments and gift card platform disclosed the incident in a detailed report, citing similarities to past operations attributed to the DPRK’s Lazarus and Bluenoroff groups based on malware, infrastructure reuse and onchain tracing.

According to Bitrefill’s statement on Tuesday, the breach began with a compromised employee laptop, allowing attackers to extract a legacy credential tied to production systems. That access enabled escalation into broader infrastructure, including parts of the company’s database and certain cryptocurrency hot wallets.

The company said it detected the intrusion after identifying suspicious purchasing patterns and irregularities in supplier activity. Investigators later confirmed that attackers exploited gift card inventory systems while simultaneously draining funds from hot wallets to addresses under their control.

Bitrefill took its systems offline immediately after confirming the breach, calling the shutdown a necessary step to contain the attack across its global e-commerce operations spanning multiple suppliers, payment rails, and regions.

The firm said approximately 18,500 purchase records were accessed, including limited user data such as email addresses, crypto payment addresses and IP metadata. Around 1,000 records that included customer names—encrypted in the database—are being treated as potentially exposed due to possible access to encryption keys, with affected users notified.

Bitrefill emphasized that it stores minimal personal data and does not require mandatory know-your-customer verification, noting that any identity data is handled by external providers rather than stored internally. The company added there is no evidence its full database was exfiltrated.

The company said it is working with cybersecurity firms, onchain analysts and law enforcement while strengthening internal controls, expanding monitoring systems and conducting additional security audits. Bitrefill said operations have largely returned to normal and that losses will be covered using operational capital.

• What happened in the Bitrefill hack?
  Bitrefill suffered a March 1 cyberattack that led to drained funds and limited access to customer purchase records.
• Was customer data stolen?
  About 18,500 records were accessed, including emails and crypto addresses, but no full database exfiltration was confirmed.
• Who is suspected behind the attack?
  Bitrefill said indicators suggest links to North Korea’s Lazarus or Bluenoroff hacking groups.
• What should users do now?
  The company advises staying alert for suspicious messages but says no immediate action is required at this time.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。