Bitrefill Cyberattack Exposes 18,500 Records, Lazarus Group Suspected

TheNewsCryptoPublicado a 2026-03-18Actualizado a 2026-03-18

Resumen

Bitrefill, a cryptocurrency payment platform, was targeted by a cyberattack attributed to the North Korea-linked Lazarus Group on March 1, 2026. The breach, which began with a compromised employee laptop, exposed approximately 18,500 customer purchase records, including email addresses, crypto payment addresses, and IP data. The attackers primarily focused on moving funds from hot wallets and exploiting the gift card system, rather than stealing full customer data. Bitrefill quickly detected the unusual activity, shut down systems to prevent further damage, and has committed to covering all losses with its own funds. The company has since enhanced security measures, including stronger access controls and improved monitoring, and confirmed that most services are back to normal. This was Bitrefill's first major security breach in over a decade.

Bitrefill, a cryptocurrency payment platform, reported that it was the target of a cyberattack on March 1, 2026, and it attributed the attack to the Lazarus Group, a hacker collective associated with North Korea. The attack exposed about 18,500 customer purchase records and impacted several aspects of Bitrefill’s systems, including its cryptocurrency wallets.

How this Breach Happened

According to the firm, the breach began with the compromised employee’s laptop. In this case, the hackers were able to enter Bitrefill’s infrastructure and access production keys by moving funds from the hot wallet to exploit its gift card system. The company noticed unusual activity and quickly shut down systems to stop further damage.

The attacker accessed about 18,500 purchase records, which include email addresses, crypto payment addresses, and IP address data. The firm says that the hackers did not try to steal full customer data, and their main focus was on the crypto funds and the gift cards.

Bitrefill confirmed that it will cover all losses using its own funds. The company said it remains financially stable and that most services, including payments and accounts, are now back to normal.

Bitrefill has taken steps to improve security by providing stronger access control, better monitoring systems, external security testing, and faster response systems for future attacks. Additionally, it collaborates with blockchain analysts and security experts. According to Bitrefill, the hack was the company’s first significant security breach in more than ten years. Despite the attack’s damage, the business swiftly responded and resumed operations.

Highlighted Crypto News:

SEC and CFTC Introduce Crypto Classification Framework

Preguntas relacionadas

QWhat company was targeted in the cyberattack and who is suspected to be behind it?

ABitrefill, a cryptocurrency payment platform, was targeted, and the attack is attributed to the Lazarus Group, a hacker collective associated with North Korea.

QHow many customer records were exposed in the Bitrefill breach?

AApproximately 18,500 customer purchase records were exposed.

QWhat type of information was accessed in the compromised purchase records?

AThe accessed information includes email addresses, crypto payment addresses, and IP address data.

QHow did the attackers initially gain access to Bitrefill's systems?

AThe breach began with a compromised employee's laptop, which allowed the hackers to enter the infrastructure and access production keys.

QWhat steps has Bitrefill taken to improve its security following the attack?

ABitrefill has implemented stronger access control, better monitoring systems, external security testing, and faster response systems. It is also collaborating with blockchain analysts and security experts.

Lecturas Relacionadas

Booking.com Founder Jeff Hoffman: How Web3 and AI Are Reshaping the Trillion-Dollar Social Travel Market

Booking.com co-founder Jeff Hoffman discusses how Web3 and AI are set to reshape the multitrillion-dollar social travel market. Hoffman, who co-founded Priceline and helped build Booking.com into a global giant, emphasizes that the current travel industry remains fragmented and inefficient. He argues that Web3 introduces structural disruption by enabling direct connections, transparent economics, and faster settlements, while AI powers personalization and smarter recommendations. Hoffman highlights key trends driving this shift: travelers demand flexible, authentic rewards instead of expiring points; digital and borderless payments are becoming standard; and people trust communities more than ads. He joined Staynex not for its Web3 label but because it aligns with these trends—integrating booking, rewards, AI, and payments into a seamless ecosystem. Looking ahead, Hoffman predicts travel will evolve from transactional to relational, with blockchain enabling transparent rewards and cross-border payments, and AI delivering hyper-personalized experiences. He believes the most valuable platforms will own the network around payments, loyalty, and community, making social travel one of the most underestimated opportunities in Web3.

marsbitHace 11 min(s)

Booking.com Founder Jeff Hoffman: How Web3 and AI Are Reshaping the Trillion-Dollar Social Travel Market

marsbitHace 11 min(s)

Is It Illegal for Crypto KOLs to Run Paid Communities and Sell Courses?

Summary: This article, authored by lawyer Shao Shiwei, addresses the legal risks faced by crypto Key Opinion Leaders (KOLs) who offer paid communities and courses related to cryptocurrency trading. The author explains that while there is no direct licensing system for such activities in China, authorities still reference virtual currency policies in enforcement. KOL activities are categorized into three risk levels: 1. Low-risk: Historical trend analysis and basic education without real-time guidance. 2. Medium-risk: Providing daily market analysis and ambiguous suggestions (e.g., "this position is worth watching"). 3. High-risk: Explicit trading signals, specific buy/sell points, or profit-sharing arrangements. Key legal risks include civil liability (e.g., user lawsuits over losses) and criminal charges (e.g., fraud accusations if users suffer losses). Even disclaimers like "not investment advice" may not protect KOLs, as courts focus on the实质 (substance) of the content. The article emphasizes that risk depends on whether content is perceived as operational guidance, its influence on user decisions, and payment structures. KOLs are advised to assess their specific business models carefully.

marsbitHace 34 min(s)

Is It Illegal for Crypto KOLs to Run Paid Communities and Sell Courses?

marsbitHace 34 min(s)

Cook's Curtain Call and Ternus Takes the Helm: The Disruption and Reboot of Apple's 4 Trillion Dollar Empire

Tim Cook has officially announced he will step down as CEO of Apple in September, transitioning to executive chairman after a 15-year tenure during which he grew the company’s market value from around $350 billion to nearly $4 trillion. He will be succeeded by John Ternus, a 50-year-old hardware engineering veteran who has been groomed for the role through increasing public visibility and internal responsibility. Ternus’s appointment signals a strategic shift toward hardware and engineering leadership, with Johny Srouji—head of Apple Silicon—taking on an expanded role as Chief Hardware Officer. This consolidation aims to strengthen Apple’s core technological capabilities. However, Cook’s departure highlights a significant unresolved issue: Apple’s delayed and fragmented approach to artificial intelligence. Despite early efforts, such as hiring John Giannandrea from Google in 2018, Apple’s AI initiatives—particularly around Siri—have struggled with internal restructuring and reliance on external partnerships, including with Google. The transition comes at a critical moment as Apple faces paradigm shifts with the rise of artificial general intelligence (ASI). The company’s closed ecosystem of hardware, software, and services—once a major advantage—now presents challenges in adapting to an AI-centric world where intelligence may matter more than the device itself. Ternus must quickly articulate a clear AI strategy, possibly starting at WWDC, to reassure markets and redefine Apple’s role in a new technological era. His task is not only to maintain Apple’s operational excellence but also to reinvigorate its capacity to innovate and lead in the age of AI.

marsbitHace 2 hora(s)

Cook's Curtain Call and Ternus Takes the Helm: The Disruption and Reboot of Apple's 4 Trillion Dollar Empire

marsbitHace 2 hora(s)

W3.io and Space and Time Collaborate to Launch Verifiable AI Finance Infrastructure

W3.io and Space and Time have partnered to launch a verifiable AI finance infrastructure designed to address the accountability gap in autonomous financial operations. The collaboration combines W3’s platform for creating and automating agent-powered financial workflows with Space and Time’s verifiable data blockchain, ensuring end-to-end proof from execution to settlement. This two-layer verification system processes over 200,000 operations daily and has been validated in production by Creatorland, a platform serving 100,000 content creators. The partnership enables businesses to deploy multi-vendor financial processes quickly and auditably, with support from integrations including Circle, Stripe, and PayPal. The system provides a trust layer for autonomous financial movements, ensuring data integrity and operational transparency beyond traditional cloud databases.

TheNewsCryptoHace 4 hora(s)

W3.io and Space and Time Collaborate to Launch Verifiable AI Finance Infrastructure

TheNewsCryptoHace 4 hora(s)

New York AG Sues Coinbase, Gemini Over Alleged State Law Violations

New York Attorney General Letitia James has filed a lawsuit against Coinbase and Gemini, alleging their prediction markets violate state gambling laws. The complaint argues these platforms operate as unlicensed gambling activities since outcomes rely on chance, not skill. Both companies are also accused of allowing users under 21, the legal age for mobile sports betting in New York. The suit seeks restitution for customers, repayment of illegal profits, civil penalties, and restrictions on marketing, including a ban on promoting services on college campuses. Following the news, Coinbase's stock fell roughly 10%, while Gemini's dropped about 4%.

bitcoinistHace 6 hora(s)

New York AG Sues Coinbase, Gemini Over Alleged State Law Violations

bitcoinistHace 6 hora(s)

Trading

Spot

Futuros