Lazarus Group Cashes Out: Employee Laptop Turns Into a Bitrefill Shopping Spree
Crypto e-commerce outfit Bitrefill has fessed up to getting hacked on March 1, pointing the finger at techniques that look suspiciously like the calling card of North Korea's favorite digital heist crew, the Lazarus Group. Because nothing says "shopping trip" like a state-sponsored cyber-ops team.
The digital burglars got in through an employee's laptop, using a classic cocktail of malware, on-chain tracing, and some recycled IP and email infrastructure they probably found lying around. This VIP access pass let them siphon funds from Bitrefill's hot wallets and peek at 18,500 purchase records, potentially exposing some customer info (hopefully not your gift card for that one sketchy website).
Bitrefill also tossed out the possibility that the BlueNoroff Group, Lazarus's close cousin in the cyber-thievery family business, might have been the sole culprit or was just lending a hand. It's a real family affair over in Pyongyang.
The company, which is basically the crypto version of turning digital money into real-world stuff, stressed that the hackers didn't manage to walk off with the entire database. Instead, they ran a handful of queries, essentially doing a quick inventory check to see what crypto and gift cards were on the shelves ready to be shoplifted. A true grab-and-go operation.
Bitrefill didn't cough up the exact number that got lifted but said it would cover the losses from its own pocket change—sorry, "operational capital." The firm reported that things are mostly back to business as usual: payments, stock, and accounts are running. Sales volumes have even bounced back, proving that even a run-in with a nation-state hacker can't keep a good degen down.
Bitrefill did the whole song and dance: they called the cops and teamed up with crypto security firms Security Alliance, FearsOff Security, Recoveris.io, and zeroShadow. Their first move was the classic "turn it off and on again" strategy, taking systems offline to stop the digital bleeding.
Since the incident, the company has gone full cyber-fortress mode, significantly upgrading its security game. This means bringing in outside researchers for a roast session, locking down internal access like it's Fort Knox, and setting up better alarms to catch the next freeloader faster.
The Lazarus Group continues to be the crypto industry's ultimate boss-level villain. They're the crew responsible for the biggest score in crypto history, a cool $1.4 billion heist from exchange Bybit back in February 2025. They're not just a threat; they're the benchmark.