Bitrefill Cyberattack Exposes 18,500 Records, Lazarus Group Suspected

TheNewsCryptoPublished on 2026-03-18Last updated on 2026-03-18

Abstract

Bitrefill, a cryptocurrency payment platform, was targeted by a cyberattack attributed to the North Korea-linked Lazarus Group on March 1, 2026. The breach, which began with a compromised employee laptop, exposed approximately 18,500 customer purchase records, including email addresses, crypto payment addresses, and IP data. The attackers primarily focused on moving funds from hot wallets and exploiting the gift card system, rather than stealing full customer data. Bitrefill quickly detected the unusual activity, shut down systems to prevent further damage, and has committed to covering all losses with its own funds. The company has since enhanced security measures, including stronger access controls and improved monitoring, and confirmed that most services are back to normal. This was Bitrefill's first major security breach in over a decade.

Bitrefill, a cryptocurrency payment platform, reported that it was the target of a cyberattack on March 1, 2026, and it attributed the attack to the Lazarus Group, a hacker collective associated with North Korea. The attack exposed about 18,500 customer purchase records and impacted several aspects of Bitrefill’s systems, including its cryptocurrency wallets.

How this Breach Happened

According to the firm, the breach began with the compromised employee’s laptop. In this case, the hackers were able to enter Bitrefill’s infrastructure and access production keys by moving funds from the hot wallet to exploit its gift card system. The company noticed unusual activity and quickly shut down systems to stop further damage.

The attacker accessed about 18,500 purchase records, which include email addresses, crypto payment addresses, and IP address data. The firm says that the hackers did not try to steal full customer data, and their main focus was on the crypto funds and the gift cards.

Bitrefill confirmed that it will cover all losses using its own funds. The company said it remains financially stable and that most services, including payments and accounts, are now back to normal.

Bitrefill has taken steps to improve security by providing stronger access control, better monitoring systems, external security testing, and faster response systems for future attacks. Additionally, it collaborates with blockchain analysts and security experts. According to Bitrefill, the hack was the company’s first significant security breach in more than ten years. Despite the attack’s damage, the business swiftly responded and resumed operations.

Highlighted Crypto News:

SEC and CFTC Introduce Crypto Classification Framework

TagsBitrefillCryptocurrency

Related Questions

QWhat company was targeted in the cyberattack and who is suspected to be behind it?

ABitrefill, a cryptocurrency payment platform, was targeted, and the attack is attributed to the Lazarus Group, a hacker collective associated with North Korea.

QHow many customer records were exposed in the Bitrefill breach?

AApproximately 18,500 customer purchase records were exposed.

QWhat type of information was accessed in the compromised purchase records?

AThe accessed information includes email addresses, crypto payment addresses, and IP address data.

QHow did the attackers initially gain access to Bitrefill's systems?

AThe breach began with a compromised employee's laptop, which allowed the hackers to enter the infrastructure and access production keys.

QWhat steps has Bitrefill taken to improve its security following the attack?

ABitrefill has implemented stronger access control, better monitoring systems, external security testing, and faster response systems. It is also collaborating with blockchain analysts and security experts.

Related Reads

Can Iran 'Control' the Strait of Hormuz?

Iran has announced a comprehensive plan to assert control over the strategic Strait of Hormuz, a critical global oil shipping chokepoint. The proposed measures include requiring all vessels to obtain Iranian permission for passage, imposing fees for security, environmental protection, and navigation management—preferably paid in Iranian rials—and absolutely banning Israeli ships. Vessels from countries deemed hostile by Iran’s top security bodies may also be barred. Analysts suggest Iran’s motives are multifaceted: increasing pressure on the U.S. and Israel by leveraging control over oil transit to influence global prices and inflation; creating a new revenue stream, potentially exceeding $7.7 billion annually, to counter Western sanctions and support postwar reconstruction; and using transit permissions as bargaining chips in future negotiations, notably with the U.S. However, the plan faces significant practical and diplomatic challenges. Enforcing comprehensive interception and fee collection in the busy waterway, patrolled by international military forces, would be difficult. The U.S. has already countering with a blockade of Iranian ports and threats to intercept any ship paying fees, potentially strangling Iran’s oil exports and fee revenue. Broad international opposition, led by European and Gulf states, and legal controversies further complicate implementation. The proposal may ultimately serve more as a negotiating tactic than a feasible policy, with its execution remaining highly uncertain.

marsbit12m ago

Can Iran 'Control' the Strait of Hormuz?

marsbit12m ago

Vertically Integrated Capital Aggregators: How Does Web3 Build an Impregnable Moat?

"Vertical Integration Capital Aggregators: How Web3 Builds Unbreachable Moats" explores how leading Web3 protocols create competitive advantages by vertically integrating multiple ecosystem components. Unlike Web2 aggregators that focus on user demand or supplier commoditization, successful Web3 entities like Hyperliquid aggregate capital, liquidity, users, and distribution into a unified financial ecosystem. This integration allows for efficient capital deployment—Hyperliquid generates $0.30 in fees per $1 of TVL annually, compared to Aave's $0.05—while creating a defensible moat that is difficult to replicate across six simultaneous fronts. However, this model comes with risks: DeFi loses $0.50 to hacks for every $1 earned, pushing protocols toward partial centralization and closed systems for security and scalability. The token serves as a shared incentive layer, aligning stakeholders and driving value through mechanisms like buybacks. The article concludes that vertical integration, not capital itself, is the true moat, and that the industry is evolving toward pragmatic, partially centralized models to ensure economic growth and sustainability.

marsbit26m ago

Vertically Integrated Capital Aggregators: How Does Web3 Build an Impregnable Moat?

marsbit26m ago

Falsely Accused by AI and Jailed for 160 Days: American Woman Steps into the Execution Zone

Summary: Angela Lipps, a woman from Tennessee, was wrongfully imprisoned for 160 days after a facial recognition AI incorrectly identified her as a suspect in a bank fraud case in North Dakota. Despite her insistence that she had never been to the state, she was arrested in July 2025 and held without bail. She spent 108 days in a local jail before being transferred to North Dakota in October, where she was eventually cleared after her lawyer provided bank records proving she was buying pizza in Tennessee at the time of the crime. Her ordeal highlights a growing issue with AI-driven law enforcement errors. Similar cases include Robert Williams, detained for 30 hours in 2020, and Chris Gatlin, jailed for 17 months based on flawed AI matches. Systems like Clearview AI, used by over 3,000 U.S. law enforcement agencies, often rely on low-quality images and can produce inaccurate results. Human oversight failures exacerbate the problem, as officers sometimes skip verification steps, leading to wrongful arrests. While AI has improved policing efficiency, its errors have serious consequences, emphasizing the need for stricter regulations and human accountability in its use.

marsbit1h ago

Falsely Accused by AI and Jailed for 160 Days: American Woman Steps into the Execution Zone

marsbit1h ago

Bitcoin Derivatives Buying Pressure Continues To Rise — Is $80K Inevitable?

Bitcoin's price has been experiencing significant bullish momentum, with recent gains primarily driven by strong demand in the perpetual futures market rather than spot trading. On-chain analysis reveals sustained buying pressure in Bitcoin derivatives, as indicated by the Net Taker Volume metric, which has remained positive at around $145 million since March 7. This metric, which measures the difference between long and short orders, suggests continued dominance of buyers and reflects bullish sentiment among traders. Historically, such a shift from selling to buying pressure has consistently led to upward price movements. Analysts expecting the trend to continue, potentially pushing Bitcoin toward the $80,000 mark, though that level remains a key resistance zone. Currently, BTC is around $77,508 with little change over the past day.

bitcoinist1h ago

Bitcoin Derivatives Buying Pressure Continues To Rise — Is $80K Inevitable?

bitcoinist1h ago

Bitcoin Reclaims Key MVRV Support At $73.7K — What Comes Next?

Bitcoin has reclaimed the critical MVRV support level at $73,700, a key indicator for market valuation. Holding above this level suggests potential upward momentum toward the mean MVRV target of $96,000. However, a breakdown below $73,700 could lead to a decline toward the Realized Price support near $55,000. The MVRV bands outline further resistance at $118,000 and extreme overvaluation at $140,000, while deeper support lies around $51,500. Currently trading near $78,000, Bitcoin remains 38% below its all-time high of $126,198 from October 2025.

bitcoinist7h ago

Bitcoin Reclaims Key MVRV Support At $73.7K — What Comes Next?

bitcoinist7h ago

Trading

Spot
Futures
活动图片