Bitrefill says attack shows Lazarus Group patterns after hot wallets drained
Bitrefill disclosed a cyberattack on March 1, 2026, in which attackers drained funds from its hot wallets and accessed internal systems. The intrusion began with a compromised employee laptop, leading to the theft of legacy credentials and production secrets. Attackers exploited gift card inventory systems and moved funds to external addresses. Approximately 18,500 purchase records were accessed, including emails, crypto addresses, and metadata, with around 1,000 records including potentially exposed customer names. The investigation revealed similarities with tactics used by the Lazarus Group, though attribution was not definitive. Bitrefill has since restored systems, notified affected users, and strengthened security controls. The company stated it remains financially stable and will cover the losses from operational capital.
ambcrypto03/17 19:42
