Bitrefill Cyberattack Exposes 18,500 Records, Lazarus Group Suspected

TheNewsCrypto | Published on 2026-03-18 | Last updated on 2026-03-18

Abstract

Bitrefill, a cryptocurrency payment platform, was targeted by a cyberattack attributed to the North Korea-linked Lazarus Group on March 1, 2026. The breach, which began with a compromised employee laptop, exposed approximately 18,500 customer purchase records, including email addresses, crypto payment addresses, and IP data. The attackers primarily focused on moving funds from hot wallets and exploiting the gift card system, rather than stealing full customer data. Bitrefill quickly detected the unusual activity, shut down systems to prevent further damage, and has committed to covering all losses with its own funds. The company has since enhanced security measures, including stronger access controls and improved monitoring, and confirmed that most services are back to normal. This was Bitrefill's first major security breach in over a decade.

Bitrefill, a cryptocurrency payment platform, reported that it was the target of a cyberattack on March 1, 2026, and it attributed the attack to the Lazarus Group, a hacker collective associated with North Korea. The attack exposed about 18,500 customer purchase records and impacted several aspects of Bitrefill’s systems, including its cryptocurrency wallets.

How this Breach Happened

According to the firm, the breach began with a compromised employee laptop. From that foothold, the hackers were able to enter Bitrefill’s infrastructure and access production keys, which they then used to move funds out of the hot wallet and to exploit its gift card system. The company noticed the unusual activity and quickly shut down systems to stop further damage.

The attacker accessed about 18,500 purchase records, which include email addresses, crypto payment addresses, and IP address data. The firm says that the hackers did not try to steal full customer data, and their main focus was on the crypto funds and the gift cards.

Bitrefill confirmed that it will cover all losses using its own funds. The company said it remains financially stable and that most services, including payments and accounts, are now back to normal.

Bitrefill has taken steps to improve security by introducing stronger access control, better monitoring systems, external security testing, and faster response procedures for future attacks. It is also collaborating with blockchain analysts and security experts. According to Bitrefill, the hack was the company’s first significant security breach in more than ten years. Despite the damage from the attack, the business responded swiftly and resumed operations.
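The article says Bitrefill "noticed unusual activity and quickly shut down systems" and has since added better monitoring. The following is an added example, not Bitrefill's code, of what one such control looks like: a hot-wallet outflow monitor that reads a transfer log, tracks outflows in a sliding time window, and recommends pausing withdrawals when volume or velocity exceeds policy or when funds leave for a destination outside an allowlist. The log lines, addresses, transaction ids, thresholds and allowlist are all constructed for the example; the page gives none of these details.

```python
"""Hot-wallet outflow monitor (added example; not Bitrefill's code).

Reads JSON-lines transfer records, applies a sliding-window policy and returns
alerts. A "pause_withdrawals" action models the kill switch an operator would
wire to the signing service so a burst of outflows is stopped automatically.
"""
import json
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample log: two routine payouts, then a burst of large transfers
# to addresses the treasury team has never used. Values are illustrative only.
SAMPLE_LOG = """\
{"txid": "tx1", "ts": "2026-03-01T02:00:00Z", "amount": 0.40, "dst": "addr_known_1"}
{"txid": "tx2", "ts": "2026-03-01T02:31:00Z", "amount": 0.25, "dst": "addr_known_1"}
{"txid": "tx3", "ts": "2026-03-01T03:10:00Z", "amount": 1.50, "dst": "addr_unknown_a"}
{"txid": "tx4", "ts": "2026-03-01T03:11:30Z", "amount": 2.00, "dst": "addr_unknown_b"}
{"txid": "tx5", "ts": "2026-03-01T03:12:10Z", "amount": 2.50, "dst": "addr_unknown_c"}
{"txid": "tx6", "ts": "2026-03-01T03:13:00Z", "amount": 0.10, "dst": "addr_known_1"}
"""


@dataclass(frozen=True)
class OutflowPolicy:
    """Thresholds are placeholders; a real deployment tunes them per asset."""
    window: timedelta = timedelta(minutes=10)
    max_total: float = 4.0          # max units that may leave within one window
    max_count: int = 3              # max number of outflows within one window
    allowlist: frozenset = field(default_factory=lambda: frozenset({"addr_known_1"}))


def parse_transfers(text):
    """Parse JSON lines into dicts with a timezone-aware datetime, oldest first."""
    transfers = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        # fromisoformat() accepts "Z" only on Python 3.11+, so normalise it.
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        transfers.append(rec)
    return sorted(transfers, key=lambda r: r["ts"])


def evaluate(transfers, policy=OutflowPolicy()):
    """Return one alert per suspicious transfer, in log order.

    Destination checks alone yield "flag_for_review"; any window (velocity)
    breach escalates to "pause_withdrawals", because by then the signing key
    is already being used at a rate no legitimate process should need.
    """
    window = deque()
    alerts = []
    for tx in transfers:
        window.append(tx)
        cutoff = tx["ts"] - policy.window
        while window and window[0]["ts"] < cutoff:   # drop transfers outside the window
            window.popleft()
        total = sum(t["amount"] for t in window)

        reasons = []
        if tx["dst"] not in policy.allowlist:
            reasons.append("destination_not_allowlisted")
        if total > policy.max_total:
            reasons.append("window_total_exceeded")
        if len(window) > policy.max_count:
            reasons.append("window_count_exceeded")

        if reasons:
            escalate = any(r.startswith("window_") for r in reasons)
            alerts.append({
                "txid": tx["txid"],
                "reasons": reasons,
                "action": "pause_withdrawals" if escalate else "flag_for_review",
            })
    return alerts


def first_pause_txid(alerts):
    """The transfer at which the kill switch would have fired, or None."""
    for alert in alerts:
        if alert["action"] == "pause_withdrawals":
            return alert["txid"]
    return None


def run_sample():
    """Evaluate the constructed log under the default policy."""
    return evaluate(parse_transfers(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
    print("kill switch fires at:", first_pause_txid(run_sample()))
```

On the constructed log the first transfer to an unknown address is only flagged for review; the kill switch fires at the third transfer of the burst, when the ten-minute total passes the threshold, and stays tripped for the small routine payout that follows because the window count is now also exceeded. The design choice worth noting is that the allowlist check and the velocity check are independent: an attacker holding production keys can send to any address, so destination filtering alone is not enough, while velocity limits bound what can be drained before a human intervenes even when the destination looks legitimate.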


Tags: Bitrefill, Cryptocurrency

Related Questions

Q: What company was targeted in the cyberattack and who is suspected to be behind it?

A: Bitrefill, a cryptocurrency payment platform, was targeted, and the attack is attributed to the Lazarus Group, a hacker collective associated with North Korea.

Q: How many customer records were exposed in the Bitrefill breach?

A: Approximately 18,500 customer purchase records were exposed.

Q: What type of information was accessed in the compromised purchase records?

A: The accessed information includes email addresses, crypto payment addresses, and IP address data.

Q: How did the attackers initially gain access to Bitrefill's systems?

A: The breach began with a compromised employee's laptop, which allowed the hackers to enter the infrastructure and access production keys.

Q: What steps has Bitrefill taken to improve its security following the attack?

A: Bitrefill has implemented stronger access control, better monitoring systems, external security testing, and faster response systems. It is also collaborating with blockchain analysts and security experts.
