
Bitrefill Blames North Korea's Lazarus Group for March 2026 Crypto Cyberattack

Bitrefill Blames North Korea's Lazarus Group for March 2026 Crypto Cyberattack. Source: EconoTimes

Cryptocurrency and gift card platform Bitrefill has attributed a sophisticated cyberattack on March 1, 2026, to the North Korea-linked Lazarus Group, also known as Bluenoroff. The breach compromised parts of the company's infrastructure, drained cryptocurrency hot wallets, and exposed thousands of customer purchase records.

The attack originated from a compromised employee laptop, which gave hackers access to legacy credentials and opened the door to Bitrefill's broader systems. Once inside, the attackers transferred funds to external wallets and exploited the platform's gift card inventory and supplier network. Unusual purchasing activity across multiple suppliers was what first alerted the company to the intrusion, prompting it to take its systems offline to contain further damage.

Approximately 18,500 purchase records were accessed, containing email addresses, cryptocurrency payment addresses, and IP address metadata. Around 1,000 of those records also included encrypted usernames. Bitrefill has since notified all affected users directly and confirmed that the data accessed appears to have been incidental rather than the primary target. The company's logs suggest attackers were focused on cryptocurrency holdings and gift card inventory, not mass data extraction. Bitrefill does not mandate KYC, so sensitive identification data was not stored.

The evidence behind the attribution, including the malware deployed, on-chain tracing of the funds, and the reuse of known IP and email addresses, is consistent with previous Lazarus Group operations. The group has previously been linked to major crypto heists targeting Ronin Network, WazirX, Atomic Wallet, and Harmony's Horizon Bridge.

In response, Bitrefill has implemented stronger access controls, enhanced system monitoring, and improved incident response protocols, including third-party penetration testing. The company confirmed it remains financially stable and is absorbing all losses from its operational capital, with most services already restored to normal.

<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>
