{
    "id": 63710,
    "date": "2026-03-18T10:20:34",
    "date_gmt": "2026-03-18T03:20:34",
    "guid": {
        "rendered": "https:\/\/hbbgroup.net\/bitrefill-links-lazarus-group-to-employee-laptop-hack-stolen-funds\/"
    },
    "modified": "2026-03-18T10:20:34",
    "modified_gmt": "2026-03-18T03:20:34",
    "slug": "bitrefill-links-lazarus-group-to-employee-laptop-hack-stolen-funds",
    "status": "publish",
    "type": "post",
    "link": "https:\/\/hbbgroup.net\/en_us\/bitrefill-links-lazarus-group-to-employee-laptop-hack-stolen-funds\/",
    "title": {
        "rendered": "Bitrefill links Lazarus Group to employee laptop hack, stolen funds"
    },
    "content": {
        "rendered": "<div data-testid=\"html-renderer-container\">\n<p>Crypto e-commerce store Bitrefill has revealed it was the victim of a cybersecurity attack on March 1, with the methods used closely resembling those of Lazarus Group, North Korea\u2019s notorious hacking organization.<\/p>\n<p>In a post to X on Tuesday, Bitrefill <a title=\"https:\/\/x.com\/bitrefill\/status\/2033931580352221656\" href=\"https:\/\/x.com\/bitrefill\/status\/2033931580352221656\" target=\"_blank\" rel=\"nofollow noopener\">said<\/a> the hackers used malware, on-chain tracing, and reused IP and email infrastructure to compromise an employee\u2019s laptop, enabling them to drain funds from the company\u2019s hot wallets while also accessing 18,500 purchase records, potentially revealing \u201climited customer information.\u201d<\/p>\n<p>Bitrefill said BlueNoroff Group, another North Korean hacking organization with close ties to the <a title=\"https:\/\/cointelegraph.com\/news\/bybit-expresses-deep-crypto-industry-support\" href=\"https:\/\/cointelegraph.com\/news\/bybit-expresses-deep-crypto-industry-support\">Lazarus Group,<\/a> may have also been involved or been the sole attacker.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2026-03\/019cfe76-9acc-7dfe-b9c4-19f984fbf070.png\"><figcaption><strong><br \/><\/strong><em>Source: <\/em><a title=\"https:\/\/x.com\/bitrefill\/status\/2033931580352221656\" href=\"https:\/\/x.com\/bitrefill\/status\/2033931580352221656\" target=\"_blank\" rel=\"nofollow noopener\"><em>Bitrefill<\/em><\/a><\/figcaption><\/figure>\n<p>Bitrefill, which enables customers to spend crypto on real-world products and gift cards, said there was no evidence that the hackers extracted its database, suggesting the motive was financial.<\/p>\n<blockquote><p>\u201cThere is no evidence that they extracted our entire database, only that the attackers ran a limited number of queries consistent with probing to understand what there 
was to steal, including cryptocurrency and Bitrefill gift card inventory.\u201d<\/p><\/blockquote>\n<p>While Bitrefill didn\u2019t disclose how much in funds was stolen, the company said it \u201cwill absorb\u201d those losses from its operational capital.<\/p>\n<p>\u201cAlmost everything is back to normal: payments, stock, accounts,\u201d Bitrefill said, adding: \u201cSales volumes are also back to normal, and we are eternally thankful to our customers for your continued confidence in us.\u201d<\/p>\n<p>Despite many crypto platforms strengthening security measures in recent years, sophisticated hackers have continued to <a title=\"https:\/\/cointelegraph.com\/news\/bybit-expresses-deep-crypto-industry-support\" href=\"https:\/\/cointelegraph.com\/news\/bybit-expresses-deep-crypto-industry-support\">find ways to breach<\/a> their defenses.<\/p>\n<p>Lazarus Group remains the crypto industry\u2019s most formidable threat and was behind the largest hack in crypto history, when it <a title=\"https:\/\/cointelegraph.com\/news\/bybit-expresses-deep-crypto-industry-support\" href=\"https:\/\/cointelegraph.com\/news\/bybit-expresses-deep-crypto-industry-support\">stole $1.4 billion<\/a> from <a title=\"https:\/\/cointelegraph.com\/news\/bybit-shuts-down-four-more-services-after-killing-nft-exchange\" href=\"https:\/\/cointelegraph.com\/news\/bybit-shuts-down-four-more-services-after-killing-nft-exchange\">crypto exchange Bybit<\/a> in February 2025.<\/p>\n<h2>Bitrefill has upped its security 
measures<\/h2>\n<p>Bitrefill said it contacted law enforcement and worked with crypto security firms Security Alliance, FearsOff Security, Recoveris.io and zeroShadow to navigate the <a title=\"https:\/\/cointelegraph.com\/news\/evil-twin-wifi-attacks-crypto-security\" href=\"https:\/\/cointelegraph.com\/news\/evil-twin-wifi-attacks-crypto-security\">cybersecurity incident.<\/a> Part of its initial response was to take its systems offline to contain the attack.<\/p>\n<p>Bitrefill said it has already \u201csignificantly improved\u201d its cybersecurity practices since the incident.<\/p>\n<p>Those measures include cybersecurity reviews with security researchers and implementing their recommendations, tightening internal access controls and improving monitoring strategies for faster detection and response.<\/p>\n<\/div>\n<p>Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph\u2019s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy <a href=\"http:\/\/cointelegraph.com\/editorial-policy\">https:\/\/cointelegraph.com\/editorial-policy<\/a><\/p>",
        "protected": false
    },
    "excerpt": {
        "rendered": "<p>Crypto e-commerce store Bitrefill has revealed it was the victim of a cybersecurity attack on March 1, with the methods [&hellip;]<\/p>",
        "protected": false
    },
    "author": 5,
    "featured_media": 63711,
    "comment_status": "open",
    "ping_status": "open",
    "sticky": false,
    "template": "",
    "format": "standard",
    "meta": {
        "_acf_changed": false,
        "footnotes": ""
    },
    "categories": [
        220
    ],
    "tags": [],
    "class_list": [
        "post-63710",
        "post",
        "type-post",
        "status-publish",
        "format-standard",
        "has-post-thumbnail",
        "hentry",
        "category-tien-dien-tu"
    ],
    "acf": [],
    "_links": {
        "self": [
            {
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/posts\/63710",
                "targetHints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        ],
        "collection": [
            {
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/posts"
            }
        ],
        "about": [
            {
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/types\/post"
            }
        ],
        "author": [
            {
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/users\/5"
            }
        ],
        "replies": [
            {
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/comments?post=63710"
            }
        ],
        "version-history": [
            {
                "count": 0,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/posts\/63710\/revisions"
            }
        ],
        "wp:featuredmedia": [
            {
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/media\/63711"
            }
        ],
        "wp:attachment": [
            {
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/media?parent=63710"
            }
        ],
        "wp:term": [
            {
                "taxonomy": "category",
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/categories?post=63710"
            },
            {
                "taxonomy": "post_tag",
                "embeddable": true,
                "href": "https:\/\/hbbgroup.net\/en_us\/wp-json\/wp\/v2\/tags?post=63710"
            }
        ],
        "curies": [
            {
                "name": "wp",
                "href": "https:\/\/api.w.org\/{rel}",
                "templated": true
            }
        ]
    }
}