Bitrefill, a cryptocurrency gift card platform, was breached by North Korean threat actor BlueNoroff (Lazarus/APT38) through a compromised employee endpoint and privilege escalation via legacy credentials, exposing approximately 18,500 purchase records, production secrets, and hot wallets. No CVE applies; the attack chain exploited credential hygiene and access control failures, with decryption keys co-located with encrypted data negating encryption protections. Organizations with supply-chain, vendor, or authentication dependencies on Bitrefill or similar cryptocurrency-adjacent platforms should audit those connections and map BlueNoroff TTPs — particularly T1078.003, T1552, and T1566 — against their detection coverage.
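One way to run the coverage mapping recommended above, as an added example that is not part of the original summary: it reads Sigma-style `attack.tNNNN` tags from a rule inventory and reports, for each of the three techniques named, whether coverage is exact, only partial (a rule tagged at the parent or at a sub-technique), or missing. The rule inventory, its titles, and the function names are constructed for illustration.

```python
import re

# Techniques named in the summary (ATT&CK names added for readability).
TARGETS = {
    "T1078.003": "Valid Accounts: Local Accounts",
    "T1552": "Unsecured Credentials",
    "T1566": "Phishing",
}

# Constructed sample inventory with Sigma-style tags; not real detections.
RULES = [
    {"title": "Local account logon from new host", "tags": ["attack.persistence", "attack.t1078"]},
    {"title": "Secrets read from files on disk", "tags": ["attack.credential-access", "attack.t1552.001"]},
    {"title": "Cloud metadata credential request", "tags": ["attack.t1552.005"]},
    {"title": "Scheduled task created", "tags": ["attack.t1053.005"]},
]

TAG_RE = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)

def technique_ids(rule):
    """Extract technique IDs from a rule's tags, ignoring tactic tags."""
    matches = (TAG_RE.match(tag) for tag in rule.get("tags", []))
    return {m.group(1).upper() for m in matches if m}

def coverage(targets, rules):
    """Classify each target technique as 'exact', 'partial' or 'gap'."""
    report = {}
    for target in targets:
        parent = target.split(".")[0]
        exact, related = [], []
        for rule in rules:
            ids = technique_ids(rule)
            if target in ids:
                exact.append(rule["title"])
            elif "." in target and parent in ids:
                # Rule is tagged at the parent: may not isolate this sub-technique.
                related.append(rule["title"])
            elif "." not in target and any(i.startswith(target + ".") for i in ids):
                # Rule covers one sub-technique only: the rest of the parent is unseen.
                related.append(rule["title"])
        status = "exact" if exact else "partial" if related else "gap"
        report[target] = {"status": status, "rules": exact or related}
    return report

if __name__ == "__main__":
    for tid, result in coverage(TARGETS, RULES).items():
        print(f"{tid:10} {TARGETS[tid]:32} {result['status']:8} {result['rules']}")
```

A "partial" result is a prompt to review the listed rules by hand, since a parent-level or single sub-technique tag says nothing about whether the specific behaviour is detected.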