Bitrefill, a prominent name in the crypto gift card space, has admitted to suffering a data breach on March 1. Disclosing details of the incident, the platform said attackers were able to access 18,500 purchase records containing customer information such as email addresses, IP addresses, and crypto wallet addresses.
Founded in 2014, Bitrefill is headquartered in Stockholm, Sweden. It does not require users to log in or sign up. Instead, it lets users provide a valid email address, select a crypto payment method, and generate a wallet address to transfer the purchase payment, all as a guest user.
In its X post, the platform said malware was used to facilitate the data breach, which resembles the modus operandi of North Korea’s notorious Lazarus group and its specialized subgroup, Bluenoroff.
“The initial access originated through a compromised employee laptop, from which a legacy credential was exfiltrated. That credential provided access to a snapshot containing production secrets,” Bitrefill said. “From there, the attackers were able to escalate their access to our broader infrastructure, including parts of our database and certain cryptocurrency wallets.”
The platform believes that the attackers may have gotten their hands on its encryption keys, which may have led to the exposure of the names of around 1,000 users who purchased specific products that needed this information from the buyers.
“Bitrefill was designed to store very little personal data. We are a store, not a crypto service provider. We don’t require mandatory KYC. When a customer chooses to verify their account. Still, based on database logs, we know that a subset of purchase records was accessed,” it noted.
A pattern of suspicious purchases with certain suppliers was what tipped Bitrefill off to a possible attack. On an initial probe, the platform found that some of its web-connected hot wallets were being drained. As of now, the platform has not disclosed exactly how much was stolen from its accounts.
Upon identifying the breach, Bitrefill said, it took its system offline. The company said the attackers possibly scanned its systems to see what could be stolen, including its crypto gift card inventory.
A thorough investigation into the incident, involving law enforcement agencies and on-chain analytics platforms, is underway.
Source: X/ @bitrefill
The company believes its customers do not have to take any specific action in the situation for now.
“Almost everything is back to normal: payments, stock, accounts. Sales volumes are also back to normal, and we are eternally thankful to our customers for your continued confidence in us,” the company said.
Old and new customers who may have engaged with the Bitrefill website have, however, been cautioned against unexpected communications related to Bitrefill or crypto.



