Bitrefill Cyberattack Exposes 18,500 Records, Lazarus Group Suspected

• Bitrefill was hacked, exposing 18,500 user records and draining funds.
• The attack is linked to the Lazarus Group, and the company will cover all losses.

Bitrefill, a cryptocurrency payment platform, reported that it was the target of a cyberattack on March 1, 2026, and it attributed the attack to the Lazarus Group, a hacker collective associated with North Korea. The attack exposed about 18,500 customer purchase records and impacted several aspects of Bitrefill’s systems, including its cryptocurrency wallets.

How this Breach Happened

According to the firm, the breach began with the compromised employee’s laptop. In this case, the hackers were able to enter Bitrefill’s infrastructure and access production keys by moving funds from the hot wallet to exploit its gift card system. The company noticed unusual activity and quickly shut down systems to stop further damage.

The attacker accessed about 18,500 purchase records, which include email addresses, crypto payment addresses, and IP address data. The firm says that the hackers did not try to steal full customer data, and their main focus was on the crypto funds and the gift cards.

Bitrefill confirmed that it will cover all losses using its own funds. The company said it remains financially stable and that most services, including payments and accounts, are now back to normal.

Bitrefill has taken steps to improve security by providing stronger access control, better monitoring systems, external security testing, and faster response systems for future attacks. Additionally, it collaborates with blockchain analysts and security experts. According to Bitrefill, the hack was the company’s first significant security breach in more than ten years. Despite the attack’s damage, the business swiftly responded and resumed operations.

Highlighted Crypto News:

SEC and CFTC Introduce Crypto Classification Framework