Crypto payments platform Bitrefill has confirmed a major cyberattack on March 1, 2026, with signs pointing to the North Korea-linked Lazarus Group. The Bitrefill attack exposed internal systems, drained crypto wallets, and accessed around 18,500 user records. Let’s understand how the Bitrefill hack happened and whether user data is safe.
The Bitrefill hack began in a simple but most dangerous manner, through a compromised employee’s laptop. In an X post, Bitrefill said Hackers managed to steal old login credentials, which gave them access to internal systems.
Stolen login details helped attackers enter internal systems and move deeper into the company’s infrastructure.
From there, they accessed parts of the database and crypto hot wallets, allowing them to transfer funds to external addresses.
As the attack happened, the company first noticed unusual activity when attackers started misusing its gift card system. At the same time, funds were being moved from hot wallets.
Once detected, Bitrefill quickly took all systems offline to stop further damage and secure its platform.
Bitrefill confirmed that about 18,500 purchase records were accessed. This data included email IDs, crypto wallet addresses, and technical details such as IP addresses.
In around 1,000 cases, customer names may also have been exposed. The company said this data was encrypted but still treated as potentially compromised.
Despite the breach, Bitrefill said it stores very little personal data and does not require full KYC. Any sensitive user data is kept with external providers, not on its own systems.
Following the attack pattern, Bitrefill said the incident shows strong similarities to past attacks linked to the North Korea state-sponsored Lazarus Group.
These similarities include malware patterns, reused systems, and on-chain fund movements.
Further, in a post, Bitrefill said it began working with cybersecurity experts, blockchain analysts, and law enforcement to investigate the breach.
The company is now improving its system by adding stronger controls, more robust monitoring, and faster response plans.
For users, Bitrefill said there is no need for immediate action but advised staying alert for phishing emails or suspicious messages.
On March 1, 2026, Bitrefill suffered a cyberattack where hackers used stolen employee login credentials to access internal systems, drain crypto hot wallets, and view around 18,500 user purchase records.
Bitrefill stores minimal personal data and does not require full KYC. While email addresses and wallet addresses were exposed, sensitive information is kept with external providers, reducing the risk of identity theft.
Security experts suspect the North Korea-linked Lazarus Group is responsible. Bitrefill noted the attack matched their patterns, including specific malware signatures and methods used to move stolen cryptocurrency funds.
Users should stay alert for phishing emails, avoid suspicious links, and monitor accounts. No immediate action is required, but caution is strongly advised.
Crypto payments platform Bitrefill revealed it was targeted in a cyberattack on March 1, 2026,…
Bitcoin started the week strong, rising nearly 7%, but has now pulled back to around…
Ethereum (ETH) price is back in focus after climbing over 15% this week, quietly outperforming…
Ethereum price and the other cryptos are consolidating at their respective resistance ranges, probably awaiting…
Pi Network has rolled out its full Mainnet upgrade to Protocol 20, unlocking support for…
Cardano has taken a major leap as LayerZero officially integrated the network, connecting it to…
