Bitrefill said hackers allegedly tied to North Korea’s Lazarus group accessed around 18,500 purchase records that contained email addresses, crypto payment addresses, and metadata including IP addresses.