US Edition
Bitrefill blames North Korea-linked Lazarus hacker group for compromising 18,500 purchase records
The Lazarus Group exploited a compromised employee laptop to access 18,500 purchase records and drain hot-wallet funds, according to Bitrefill's detailed report.
- On March 1, 2026, Bitrefill blamed the North Korea-linked Lazarus Group for a breach that compromised parts of its infrastructure, cryptocurrency hot wallets, and accessed approximately 18,500 purchase records.
- A compromised employee laptop exposed legacy credentials, allowing attackers broader access to production systems while company logs show they targeted gift-card inventory and cryptocurrency holdings.
- Investigators traced malware and on-chain tracing techniques used to drain funds from hot wallets and move them to attacker-controlled addresses, affecting about 1,000 encrypted records.
- Bitrefill says it will cover losses from operational capital and noted it is well-funded; most systems including payments, stock and accounts are back online while it coordinates with security researchers, incident response teams, on-chain analysts and law enforcement.
- The company outlined measures including comprehensive penetration tests with external experts, tighter internal access controls, and improved logging and monitoring, highlighting the need for vigilance in crypto and on-chain security.
28 Articles
28 Articles
North Korean hackers linked to theft from crypto gift card service
North Korean cybercriminals stole virtual funds from a cryptocurrency gift card service and accessed over 18,000 customer purchase records, the Sweden-based company announced on Tuesday. In a statement posted on social media, Bitrefill said attackers breached its systems on March 1 and “exploited” its gift card stock and supply chain to steal cryptocurrency. It did […]
Bitrefill Releases Post-Mortem after it Suffered Significant Cyberattack
The cryptocurrency payments and gift card platform Bitrefill suffered a significant cyberattack. The company disclosed the incident in a detailed post-mortem. The attack began with a compromised employee laptop likely via malware or phishing, which allowed access to legacy credentials and parts of the internal infrastructure. Attackers gained access to production keys, drained funds from […] The post Bitrefill Releases Post-Mortem after it Suffe…
The Swedish Bitrefill platform, specializing in the purchase of cryptocurrency gift cards, has just revealed that it has been subjected to a cyber attack on 1 March 2026, attributed to the Lazarus group, linked to North Korea. Balance sheet: several crypto walls have been emptied, and about 18,500 client files compromised. L的article The Bitrefill crypto platform victim of the North Korean hackers Lazarus appeared first on Cryptoast.
Vitryfil, headquartered in Sweden and providing cryptocurrency payment and gift certificate sales services worldwide, announced that it was subjected to a cyber attack on March 1 and that it appears to be the work of the North Korean-linked hacking group Lazarus.
The Swedish Bitrefill platform, specialized in the purchase of gift cards with digital assets, was the victim of a major cyber attack on 1 March. Assigned to the Lazarus group, the intrusion was initiated via an employee's computer, resulting in the siphoning of wallets and access to 18,500 customer files. The company quickly reacted to contain the attack.
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
