"The breach, which began on March 1, originated from a compromised employee laptop, according to the company's incident report. Attackers were able to extract legacy credentials tied to production systems, allowing them to escalate access across Bitrefill's infrastructure, including segments of its internal database and certain cryptocurrency hot wallets."
"As part of the attack, approximately 18,500 purchase records were accessed. The exposed data includes email addresses, cryptocurrency payment addresses and metadata such as IP addresses. Around 1,000 of those records involved encrypted customer names, which are being treated as potentially exposed due to the possibility that attackers accessed encryption keys."
"Bitrefill said the attackers drained an undisclosed amount of funds from its hot wallets while also exploiting its gift card inventory systems to place suspicious purchases with vendors. The company did not specify the total financial impact but stated it will absorb the losses using operational capital."
Bitrefill, a crypto e-commerce platform, experienced a significant cyberattack beginning March 1 that originated from a compromised employee laptop. Attackers extracted legacy credentials to escalate access across the company's infrastructure, including internal databases and cryptocurrency hot wallets. They drained an undisclosed amount of funds and exploited gift card inventory systems for fraudulent purchases. The breach exposed approximately 18,500 purchase records containing email addresses, cryptocurrency payment addresses, and IP addresses, with around 1,000 records potentially exposing encrypted customer names. The company detected the intrusion through irregular purchasing patterns and supplier activity anomalies. Bitrefill temporarily took systems offline to contain the breach and has since restored normal operations. The company emphasized it stores minimal personal data and does not require mandatory KYC verification for most transactions.
Read at Bitcoin Magazine
Unable to calculate read time
Collection
[
|
...
]