Crypto cybercrimes and security breaches are unfortunately increasing in the industry. AltCoinDesk has previously reported such cases, most of which are allegedly linked to the Lazarus Group. Bitrefill, a crypto payment and e-commerce platform, has attributed the cyberattack on its platform to this North Korean hacking group.
Cyberattackers accessed 18,500 records on Bitrefill
On March 1, 2026, the attackers accessed nearly 18,500 user purchase records. The company has confirmed that the accessed records contained only limited information, including email addresses, crypto payment addresses, and metadata such as IP addresses.
Of the accessed records, 1,000 included encrypted customer names, which could have been exposed. Bitrefill has notified the affected users about the compromise.
The alleged North Korean attackers also gained access to production keys and funds transferred from hot wallets.
Why does Bitrefill suspect the Lazarus Group?
The reasons are numerous. According to the crypto payment platform, the methods, malware patterns, and on-chain behaviour resemble those seen in previous operations by the North Korean hacker group, including its affiliate Bluenoroff. Even so, there is no official or legally substantiated confirmation that the Lazarus Group orchestrated the Bitrefill breach.
Secondly, as anyone who has followed several crypto hacks will have noticed, authorities always relate them to the Lazarus Group because, historically, this group has been actively carrying out crypto-based crimes.
US Treasury targets North Korea-linked crypto launderers
The US Treasury Department's recent sanctions on six individuals and two entities for allegedly running a large-scale crypto laundering scheme once again trace back to North Korea. Members of the sanctioned network worked as remote IT professionals and earned payments in crypto. These crypto funds were secretly funneled to the North Korean regime.
Late last year, South Korean exchange Upbit experienced a security breach that resulted in a loss of $36.8 million in Solana assets. According to a South Korean media outlet, the Lazarus Group orchestrated the crime.