In brief
- Bitrefill was hit by a March 1 cyberattack that escalated from a compromised laptop to database and wallet access, with evidence pointing to North Korean hacking groups Lazarus and Bluenoroff.
- About 18,500 purchase records were partially exposed; no full database exfiltration occurred, and affected users were notified directly.
- Most operations have been restored, losses will be covered by operational capital, and Bitrefill is tightening security measures going forward.
Bitrefill, a platform that lets users exchange cryptocurrency for gift cards and phone service credit, disclosed Tuesday that it was targeted in a March 1 cyberattack.
According to the firm, it began with a compromised employee laptop, then expanded into broader infrastructure after attackers exfiltrated a legacy credential tied to a snapshot containing production secrets.
In an incident report posted to X, the company said the attackers moved from initial access into parts of its database and certain cryptocurrency wallets, while also exploiting gift card inventory and supplier purchasing lines. Bitrefill said it detected the breach after spotting suspicious supplier purchasing patterns. Once confirmed, it took all systems offline as part of containment.
The company had previously disclosed on March 1 that it was dealing with a “technical issue” and then later a “security issue,” at which point it took down all services. Tuesday was the first time that Bitrefill provided full details on the attack and potential instigators.
March 1st incident report
On March 1, 2026, Bitrefill was the target of a cyberattack. Based on indicators observed during the investigation - including the modus operandi, the malware used, on-chain tracing and reused IP + email addresses (!) - we find many similarities…
— Bitrefill (@bitrefill) March 17, 2026
The company said its investigation found multiple indicators that it described as similar to prior industry attacks from the North Korean state-sponsored hacking groups Lazarus and Bluenoroff, including malware patterns, on-chain tracing, and reused infrastructure. Bitrefill said it has been working with incident responders, on-chain analysts, and law enforcement as the investigation continues.
On customer impact, Bitrefill said logs show no evidence of full database exfiltration, but a subset of records was accessed. The company said about 18,500 purchase records were affected, including limited fields such as email addresses, crypto payment addresses, and metadata including IP addresses.
For about 1,000 purchases requiring customer names, Bitrefill said those fields were encrypted but is treating them as potentially accessed because attackers may have obtained relevant keys. The company said users in that subset were notified directly by email.
Bitrefill said it does not require mandatory KYC and stores verification information with an external provider, rather than in internal backups. Based on current findings, the company said it does not believe customers need to take specific action, while advising caution about unexpected Bitrefill- or crypto-related communications.
The company said most operations are now back to normal, including payments, stock, and accounts, and that losses will be absorbed through operational capital. Bitrefill also said it is continuing external security reviews and penetration testing, tightening internal access controls, and upgrading logging, monitoring, and incident-response automation.
North Korean hacking groups have been tied by authorities to many prominent crypto industry heists, including last year’s $1.4 billion Bybit exchange hack, and 2022’s $622 million hack of the Ronin gaming network tied to crypto game Axie Infinity. Last year, hackers linked to North Korea swiped over $2 billion worth of crypto, per a report from Chainalysis.