Crypto gift card platform Bitrefill disclosed a March 1 breach that exposed 18,500 purchase records and drained hot wallets, attributing the attack to North Korea's Lazarus Group.

Crypto payments platform Bitrefill has confirmed that North Korea-linked hackers breached its systems on March 1, compromising 18,500 purchase records and draining cryptocurrency from hot wallets.
Bitrefill disclosed on March 17 that attackers gained access through a compromised employee laptop, which contained legacy credentials with production secrets. From that entry point, the hackers spread across the company's infrastructure, reaching its database and cryptocurrency hot wallets.
The breach was detected after Bitrefill noticed suspicious purchasing patterns among suppliers, indicating the attackers were exploiting its gift card inventory and supply chains. The company took all systems offline immediately. Recovery and infrastructure rebuilding took over two weeks, with most services now restored to normal operation.
Bitrefill attributed the attack to the Lazarus Group (also known as Bluenoroff), a North Korean state-sponsored hacking collective. The attribution is based on malware analysis, on-chain transaction tracing, and reused IP and email addresses previously linked to North Korean operations.
The Lazarus Group has been responsible for some of crypto's largest thefts, including the $1.5 billion Bybit hack in February 2025. This latest incident reinforces that even smaller crypto platforms remain targets for sophisticated state-sponsored actors.
Approximately 18,500 purchase records were partially exposed, including email addresses, crypto payment addresses, and IP metadata. Around 1,000 encrypted customer names may also have been compromised.
Bitrefill has committed to covering all losses from operational capital and has notified affected users directly by email. The company says it is implementing enhanced security reviews, stricter access controls, and improved monitoring systems. The exact dollar amount drained from hot wallets has not been disclosed.
This incident adds to a growing list of Lazarus Group attacks in 2025-2026, raising pressure on crypto firms to strengthen employee security practices and reduce reliance on legacy credentials.
The Bitrefill breach is another reminder that human-factor vulnerabilities, specifically compromised employee devices, remain the primary attack vector for state-sponsored hackers targeting crypto platforms. As Lazarus Group activity continues to escalate, the industry faces growing urgency to adopt zero-trust security models.
