Bitrefill said it suffered a cybersecurity attack on March 1, with indicators pointing to tactics linked to North Korea’s hacking groups.
In a statement, the company said attackers compromised an employee’s device using malware and reused infrastructure such as IP addresses and emails to gain access to internal systems.
Attack linked to Lazarus-style methods
Bitrefill said the methods used resemble those of the Lazarus Group, a well-known cybercrime organization tied to multiple crypto attacks.
The company added that the BlueNoroff Group, which has links to Lazarus, may also have been involved.
Hackers were able to access the company’s hot wallets and withdraw funds, while also retrieving around 18,500 purchase records that may include limited customer data.
Limited data exposure, financial motive
Bitrefill said there is no evidence that the attackers accessed its full database, suggesting the main goal was financial gain.
The company did not disclose the amount of funds lost but said it would cover the losses using its own capital.
Operations restored after incident
Bitrefill said most of its services have returned to normal, including payments, inventory and customer accounts.
The company added that sales activity has also recovered following the incident.
Security measures strengthened
Bitrefill reported the breach to law enforcement and partnered with cybersecurity companies Security Alliance, FearsOff Security, Recoveris.io and zeroShadow to investigate the incident.
The company temporarily shut down its systems to contain the attack and has since introduced stronger security measures, including tighter access controls and improved monitoring systems.
The incident shows that crypto platforms remain under continuous threat, as advanced hacking groups keep targeting the industry despite better security measures.