Bitrefill links Lazarus Group to employee laptop hack, stolen funds

Bitrefill didn’t reveal how much money was drained in the March 1 incident but said it will absorb the losses using its operational capital.

Crypto e-commerce store Bitrefill has revealed it was the victim of a cybersecurity attack on March 1, with the methods used closely resembling those of Lazarus Group, North Korea’s notorious hacking organization.

In a post to X on Tuesday, Bitrefill said the hackers used malware, on-chain tracing, and reused IP and email infrastructure to compromise an employee’s laptop, enabling them to drain funds from the company’s hot wallets while also accessing 18,500 purchase records, potentially revealing “limited customer information.”

Bitrefill said BlueNoroff Group, another North Korean hacking organization with close ties to the Lazarus Group, may have also been involved or been the sole attacker.

Read more