CP
cyberpings
BreachesHIGH

Bitrefill Breach - North Korea Allegedly Steals 18,500 Records

TRThe Record
BitrefillLazarus GroupNorth Koreadata breachcryptocurrency
🎯

Basically, hackers from North Korea stole a lot of purchase records from a crypto site called Bitrefill.

Quick Summary

Bitrefill faced a serious breach, with North Korean hackers stealing 18,500 purchase records. This incident puts customer data and cryptocurrency at risk. Stay alert and protect your information.

What Happened

On March 1, 2026, Bitrefill, a cryptocurrency e-commerce platform, faced a significant security breach. The company announced that hackers linked to North Korea's Lazarus Group accessed approximately 18,500 purchase records. These records included sensitive information such as email addresses, crypto payment addresses, and metadata like IP addresses. This breach was serious enough to force Bitrefill to take its systems offline temporarily.

The attack was detected after Bitrefill noticed unusual purchasing patterns that indicated their gift card stock was being exploited. Following an internal investigation, the company confirmed that the hackers gained access through a compromised employee laptop, which allowed them to exfiltrate a legacy credential. This credential was the key that opened the door to Bitrefill's broader infrastructure, including parts of their database and certain cryptocurrency wallets.

Who's Affected

The breach primarily affects Bitrefill's customers, particularly those who made purchases during the compromised period. With 18,500 purchase records exposed, customers may face risks related to their email addresses and crypto payment details. The company has stated that the hackers were not after the entire customer database but conducted limited queries to understand what valuable data they could steal.

Additionally, the incident raises concerns for the broader cryptocurrency community. As North Korean hackers have been known to target crypto platforms, this breach serves as a reminder of the vulnerabilities present in the e-commerce sector, especially those dealing with digital currencies.

What Data Was Exposed

The compromised data includes:

  • Email addresses of customers
  • Crypto payment addresses
  • Metadata, including IP addresses

While the exact amount of cryptocurrency stolen from Bitrefill's wallets has not been disclosed, the company confirmed that some funds were transferred to hacker-controlled wallets. This incident highlights the ongoing threat posed by state-sponsored hacking groups, particularly those from North Korea, who have been involved in numerous high-profile cyber thefts.

What You Should Do

If you are a Bitrefill customer, it is crucial to take immediate action to protect your information. Here are some recommended steps:

  • Change your passwords: Update your passwords for Bitrefill and any associated accounts.
  • Monitor your accounts: Keep an eye on your cryptocurrency wallets and accounts for any unauthorized transactions.
  • Enable two-factor authentication: If available, use two-factor authentication for added security.

Additionally, stay informed about the situation as Bitrefill continues to investigate the breach and work with law enforcement. This incident underscores the importance of cybersecurity vigilance, especially in the rapidly evolving world of cryptocurrency.

🔒 Pro insight: The tactics used in this breach mirror previous Lazarus Group operations, indicating a sophisticated understanding of Bitrefill's infrastructure.

Original article from

The Record

Read Full Article

Share

Related Pings

MEDIUMBreaches

Stryker - Restoring Ordering and Shipping Systems After Attack

Stryker is recovering from a cyberattack that disrupted its ordering and shipping systems. The company believes the threat is contained and is restoring operations. This incident highlights the importance of cybersecurity in healthcare.

Cybersecurity Dive·
HIGHBreaches

Data Breach - Marquis Exposes 672,000 Personal Records

Marquis has revealed a ransomware attack affecting over 672,000 people. Personal and financial data, including Social Security numbers, were stolen. This breach raises serious security concerns for those affected.

TechCrunch Security·
HIGHBreaches

Data Breach - Intuitive Hit by Phishing Attack

Intuitive has suffered a data breach following a phishing attack. Customer and corporate data were accessed, raising concerns about data security. The company assures that surgical systems remain unaffected.

SC Media·
HIGHBreaches

Data Breaches - UK Businesses Face Risks from Identity Security

UK businesses are facing significant risks of data breaches due to poor identity security practices. A recent report reveals that many organizations fail to deactivate ex-employee accounts promptly. This negligence, coupled with a rise in credential compromise incidents, puts sensitive data at risk. Immediate action is necessary to protect against potential breaches.

SC Media·
HIGHBreaches

Companies House - Security Issue Exposes Director Data

A security issue at Companies House exposed sensitive data of company directors. This breach raises serious privacy concerns for those affected. The agency is investigating the incident and taking action.

SC Media·
HIGHBreaches

Data Breach - Intuitive Suffers from Targeted Phishing Attack

Intuitive has reported a data breach due to a phishing attack, compromising sensitive customer and employee information. This incident underscores the ongoing cybersecurity challenges in healthcare. The company is taking steps to secure its systems and mitigate risks.

Security Affairs·