Bitrefill hit by hacking attack… Signs of North Korea’s Lazarus involvement

Crypto asset payments platform Bitrefill was hit by a hacking attack that resulted in funds being stolen, and indications of involvement by North Korea’s Lazarus Group have been identified.

According to Cointelegraph on the 17th (local time), Bitrefill said it suffered a cyberattack on March 1 in which an employee laptop was infected with malware, leading to an outflow of funds from its hot wallet.

Bitrefill explained that “the attacker compromised employee devices using malware, on-chain tracking, and reused IP and email infrastructure.”

The attack also enabled access to roughly 18,500 purchase records, raising the possibility that some customer information was exposed. The company emphasized, however, that there were no confirmed signs that the entire database was leaked.

Bitrefill said, “The attacker appears to have conducted limited queries to determine what assets could be stolen, rather than extracting the entire database.”

North Korean hacking group BlueNoroff, which is linked to the Lazarus Group, was also cited as being behind the attack. Bitrefill said the group may have carried out the attack alone or in collaboration.

The amount of funds stolen was not disclosed, but the company said it “will fully cover the loss with operating funds.”

Bitrefill said services have now returned to normal. The company stated, “Most functions—payments, inventory, accounts, and more—are back to normal, and sales volumes have recovered,” adding that it is “grateful for customers’ trust.”

Following the incident, Bitrefill said it has worked with law enforcement agencies and security firms in its response, and has significantly strengthened security measures, including tighter internal access controls and improved monitoring systems.