Ray retweeted

Bitrefill, one of the largest crypto e-commerce platforms, just disclosed a cyberattack that took place on March 1.
The entry point was a compromised employee laptop.
From there, attackers exfiltrated a legacy credential, used it to access production secrets, transferred funds from hot wallets, and exposed 18,500 purchase records containing email addresses, payment addresses, and IP addresses.
Bitrefill hasn't disclosed the total financial impact but says it will absorb the losses from operational capital.
The company's investigation found strong similarities with past operations by North Korea's Lazarus Group, also known as Bluenoroff, based on malware signatures, on-chain tracing, and reused attacker infrastructure.
Credit to Bitrefill for the transparency with a detailed incident report, direct user notifications, and immediate steps to tighten access controls and monitoring.
That accountability matters, but the attack pattern is familiar.
Bybit's $1.5 billion loss last year also started with a compromised laptop. The attack surface keeps shifting from protocols to people and the operational layers around them.
MPC custody architecture addresses this structurally ➝ key shares distributed across isolated environments, signing that never reconstructs the full key, and role-based approval flows that prevent any single point of compromise from reaching the vault.
Visit CipherBC's website to learn more about our MPC-powered custody solutions.
#CryptoSecurity #MPCWallet #CryptoCustody #DigitalAssets #InstitutionalCrypto #Cybersecurity


