The post Crypto Platform Bitrefill Hacked: 18,500 User Records Exposed in Cyberattack appeared first on Coinpedia Fintech News
Crypto payments platform Bitrefill has confirmed a major cyberattack on March 1, 2026, with signs pointing to the North Korea-linked Lazarus Group. The Bitrefill attack exposed internal systems, drained crypto wallets, and accessed around 18,500 user records. Let’s understand how the Bitrefill hack happened and whether user data is safe.
How the Bitrefill Hack Happened?
The Bitrefill hack began in a simple but most dangerous manner, through a compromised employee’s laptop. In an X post, Bitrefill said Hackers managed to steal old login credentials, which gave them access to internal systems.
Stolen login details helped attackers enter internal systems and move deeper into the company’s infrastructure.
From there, they accessed parts of the database and crypto hot wallets, allowing them to transfer funds to external addresses.
As the attack happened, the company first noticed unusual activity when attackers started misusing its gift card system. At the same time, funds were being moved from hot wallets.
Once detected, Bitrefill quickly took all systems offline to stop further damage and secure its platform.
18,500 User Records Exposed
Bitrefill confirmed that about 18,500 purchase records were accessed. This data included email IDs, crypto wallet addresses, and technical details such as IP addresses.
In around 1,000 cases, customer names may also have been exposed. The company said this data was encrypted but still treated as potentially compromised.
Despite the breach, Bitrefill said it stores very little personal data and does not require full KYC. Any sensitive user data is kept with external providers, not on its own systems.
Lazarus Group Suspected of Being Behind This Attack
Following the attack pattern, Bitrefill said the incident shows strong similarities to past attacks linked to the North Korea state-sponsored Lazarus Group.
These similarities include malware patterns, reused systems, and on-chain fund movements.
Bitrefill Began an Investigation Following The Hack
Further, in a post, Bitrefill said it began working with cybersecurity experts, blockchain analysts, and law enforcement to investigate the breach.
The company is now improving its system by adding stronger controls, more robust monitoring, and faster response plans.
For users, Bitrefill said there is no need for immediate action but advised staying alert for phishing emails or suspicious messages.
Never Miss a Beat in the Crypto World!
Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.
FAQs
On March 1, 2026, Bitrefill suffered a cyberattack where hackers used stolen employee login credentials to access internal systems, drain crypto hot wallets, and view around 18,500 user purchase records.
Bitrefill stores minimal personal data and does not require full KYC. While email addresses and wallet addresses were exposed, sensitive information is kept with external providers, reducing the risk of identity theft.
Security experts suspect the North Korea-linked Lazarus Group is responsible. Bitrefill noted the attack matched their patterns, including specific malware signatures and methods used to move stolen cryptocurrency funds.
Users should stay alert for phishing emails, avoid suspicious links, and monitor accounts. No immediate action is required, but caution is strongly advised.