On March 1, 2026, Bitrefill, a platform for cryptocurrency payments and gift cards, experienced a cyberattack linked to the hacking group Lazarus, associated with North Korea. The attackers compromised parts of the company’s infrastructure, gaining access to production keys and transferring funds from hot wallets. Approximately 18,500 purchase records were exposed, which included emails, payment addresses, and IP addresses, although only around 1,000 records contained encrypted usernames.
The breach was initiated through a compromised employee laptop, leading to the exposure of legacy credentials. This allowed the hackers to infiltrate Bitrefill’s database and drain some hot wallets. The company detected unusual purchasing activity, indicating that attackers were exploiting its gift card inventory, prompting immediate action to take systems offline to mitigate damage.
Bitrefill has resumed operations and is committing to cover losses from its operational capital. The firm is collaborating with security experts and law enforcement to investigate the incident thoroughly. Despite the breach, Bitrefill maintains that customer data was not the primary target, and there is no evidence suggesting extensive extraction of its database.