Bitrefill disclosed that it suffered a cyberattack earlier this month, suspected to be carried out by the North Korean hacker group Lazarus Group.

PANews reported on March 18 that, according to The Block, cryptocurrency e-commerce and gift card company Bitrefill disclosed that it suffered a cyberattack on March 1, suspected to be carried out by the North Korean-backed hacking group Lazarus Group. The attack stemmed from the compromise of an employee's laptop, where hackers stole funds from a hot wallet and made suspicious purchases from its suppliers. The attackers also compromised Bitrefill's broader infrastructure, including parts of its database and certain cryptocurrency wallets, resulting in access to approximately 18,500 purchase records involving limited customer information such as email addresses, encrypted payment addresses, and IP addresses. Approximately 1,000 of these records exposed the encrypted customer names, and the company has contacted the individuals involved.

Bitrefill stated that KYC is not mandatory for most purchases, and KYC-related data is only held by an external KYC provider; there are no backups in the company's systems. The investigation revealed that the attackers did not extract the entire database, but only performed limited queries to probe for potential targets, including cryptocurrency and gift card inventory. The company will "assume" any loss of operating capital and is collaborating with security teams such as zeroShadow and SEAL911 to address the issue. Currently, payment, inventory, and account functions have largely returned to normal, and sales have also recovered.