Bitrefill accuses North Korea-linked Lazarus hacker group for compromising 18,500 purchase records

Markets Share Share this article Copy link X icon X (Twitter) LinkedIn Facebook Email Bitrefill accuses North Korea-linked Lazarus hacker group for compromising 18,500 purchase records Bitrefill will cover the losses from operational capital. By Omkar Godbole Mar 18, 2026, 7:17 a.m. Make us preferred on Google Bitrefill blames North Korea-linked hacker group for the March 1 breach. (geralt/Pixabay) What to know : Bitrefill said a March 1, 2026 cyberattack linked to North Korea’s Lazarus Group compromised parts of its infrastructure, drained some hot wallets and exposed about 18,500 purchase records. The breach began with a compromised employee laptop that revealed legacy credentials, allowing attackers to access production keys, exploit gift card supply chains and move funds before the company took systems offline. Bitrefill will cover the losses from operational capital. Cryptocurrency payments and gift card platform Bitrefill has blamed the North Korea-linked hacking group Lazarus for a cyberattack on March 1, 2026, that compromised parts of its infrastructure and cryptocurrency wallets. The attackers gained access to production keys, transferred funds from hot wallets, and exposed 18,500 purchase records containing emails, payment addresses, and IP addresses. Approximately 1,000 records included encrypted usernames. Affected users were notified. Operations have resumed, with the company announcing to cover losses from operational capital. The incident underscores the importance of vigilance regarding crypto and on-chain security. The modus operandi included malware, on-chain tracing and reused IP and email addresses and was similar to previous attacks attributed to North Korea’s Lazarus Group, also known as Bluenoroff, the company said in a detailed report on X. The Lazarus Group has previously targeted crypto projects including Ronin Network, Harmony’s Horizon Bridge, WazirX, and Atomic Wallet. How the attack unfolded It all began with with a compromised employee laptop, which exposed legacy credentials and allowed attackers to access Bitrefill’s broader infrastructure, including parts of its database and cryptocurrency wallets. The breach quickly became apparent when the company noticed unusual purchasing patterns among certain suppliers, signaling that attackers were exploiting its gift card inventory and supply chains. The firm also noted that attackers were draining some hot wallets and moving funds to their own addresses, following which, the system was taken offline to contain the damage. “Bitrefill operates a global e-commerce business with dozens of suppliers, thousands of products, and multiple payment methods across many countries. Safely switching all these things off and bringing them back online is not trivial,” the company said in a statement. Since the incident, Bitrefill has been working with security researchers, incident response teams, on-chain analysts, and law enforcement to investigate the breach. Customer data impact Hackers accessed a small set of purchase records, approximately 18,500, containing Bitrefill said there is no evidence that customer data was a primary target. Its logs indicate that attackers ran a limited number of queries aimed at cryptocurrency holdings and gift card inventory rather than extracting the entire database. The platform stores minimal personal data and does not require mandatory KYC. A small subset of purchase records, approximately 18,500, was accessed, containing information such as email addresses, crypto payment addresses, and metadata including IP addresses. About 1,000 records contained encrypted names for specific products; the company is treating this data as potentially compromised and has notified affected customers directly by email. At present, Bitrefill does not believe customers need to take any additional action, though it advises caution regarding unexpected communications related to Bitrefill or cryptocurrency. Steps to strengthen security In response to the breach, Bitrefill said it has already strengthened its cybersecurity practices and is working to draw lessons from the incident. The company outlined several measures, including conducting comprehensive penetration tests with external experts, tightening internal access controls, enhancing logging and monitoring for faster threat detection, and refining incident response procedures and automated shutdown protocols. Looking forward Bitrefill acknowledged that this was its first major attack in more than a decade of operation but stressed that it remains well-funded and profitable, capable of absorbing operational losses. Most systems, including payments, stock, and accounts, are back online, with sales volumes returning to normal. “Getting hit by a sophisticated attack sucks (a lot),” the company said. “But we survived. We will continue to do our best to continue deserving our customers’ trust." hacking More For You XRP hovers near $14 million options battleground that could sway trading By Omkar Godbole 1 hour ago XRP is trading around $1.50, just above a key options cluster at $1.40 on Deribit. What to know : XRP is trading around $1.50, just above a key options cluster at $1.40 on Deribit. About $14.6 million in open interest is concentrated at this strike, nearly 25% of all XRP options on the exchange. Read full story Latest Crypto News XRP hovers near $14 million options battleground that could sway trading 1 hour ago Stratton wins Illinois Senate primary, defeating crypto-backed Krishnamoorthi 4 hours ago Senator Tim Scott says market structure negotiations are advancing 9 hours ago Bitcoin's rally faces key hurdle with Wednesday's Fed meeting 10 hours ago U.S. SEC issues first-ever definitions for what crypto assets are securities 10 hours ago Mastercard's $1.8 billion deal 'a clear answer' to a massive shift in the global payment war 12 hours ago Top Stories Arizona Attorney General files criminal charges against prediction market Kalshi 13 hours ago Strategy’s latest massive bitcoin purchase offers insight into its evolving funding model 15 hours ago Sam Altman's World teams up with Coinbase to prove there is a real person behind every AI transaction 16 hours ago Popular Solana wallet Phantom wins CFTC nod to access regulated derivatives markets 16 hours ago U.S. Democrats target government officials gaming prediction markets on war action 17 hours ago