The notorious Lazarus Group may have been behind a cyberattack on crypto e-commerce store Bitrefill, the firm estimates.
Summary
- Bitrefill linked a March 1 cyberattack to tactics associated with the Lazarus and BlueNoroff groups, after attackers compromised an employee laptop and drained funds from hot wallets.
- Around 18,500 purchase records were accessed, though the company said only limited customer information was exposed and there was no evidence of a full database breach.
Detailing the March 1 incident in a Tuesday X post, the firm said the attackers used malware, on-chain tracing, and reused IP and email infrastructure to drain funds from its hot wallets after compromising an employee’s laptop. Attackers also allegedly accessed around 18,500 purchase records, although this involved only “limited customer information.”
“We find many similarities between this attack and past cyberattacks by the DPRK Lazarus / Bluenoroff group against other companies in the crypto industries,” the firm wrote.
Bitrefill is a crypto e-commerce platform that allows customers to spend digital assets on real-world products and gift cards. It added that the attackers were primarily financially motivated, as there was “no evidence that they extracted our entire database.”
“The attackers ran a limited number of queries consistent with probing to understand what there was to steal, including cryptocurrency and Bitrefill gift card inventory,” it added.
Bitrefill did not disclose how much crypto was stolen but said it would absorb the losses from its operational capital.
“We have already significantly improved our cybersecurity practices, but vow to continue to draw learnings from this experience to make sure user and company balances and data remain maximally safe,” Bitrefill said, adding that all operations were back to normal.
The company has since strengthened its security posture and has contacted law enforcement while working with security firms to investigate and respond to the incident.
Lazarus group remains a major threat
Over the years, the Lazarus Group has been credited with some of the crypto industry’s largest hacks.
One of the biggest attacks involved crypto exchange Bybit, which lost around $1.4 billion last year. The group was also a suspected actor behind the hack of South Korean crypto exchange Upbit and UK-registered trading platform Lykke.
