North Korean-linked hackers believed to be the Lazarus Group breached cryptocurrency e-commerce platform Bitrefill on March 1, accessing about 18,500 purchase records containing email addresses, crypto payment addresses and metadata. The attackers gained entry via a compromised employee laptop and an exfiltrated legacy credential, escalated access to databases and wallets, drained some funds, and forced Bitrefill to take systems offline while investigators responded. #Lazarus #Bitrefill
Key points
- The March 1 incident was attributed to the Lazarus Group after analysis of tactics, malware, IP addresses, and blockchain activity.
- Initial access originated from a compromised employee laptop and a stolen legacy credential.
- Approximately 18,500 purchase records containing emails, crypto payment addresses, and IP metadata were exposed.
- Some Bitrefill cryptocurrency wallets were drained and funds were transferred to attacker-controlled wallets.
- Bitrefill restored services on March 5, plans to absorb losses, and law enforcement and cybersecurity experts assisted the investigation.
Read More: https://therecord.media/crypto-platform-accuses-north-korea-hack