Crypto e-commerce firm Bitrefill discloses cyberattack, names North Korea’s Lazarus Group as potential suspect

Crypto e-commerce and gift card business Bitrefill said it was the victim of a cyberattack likely perpetrated by the state-sponsored North Korean hacking collective Lazarus Group earlier this month.

“Based on indicators observed during the investigation – including the modus operandi, the malware used, on-chain tracing and reused IP + email addresses (!) – we find many similarities between this attack and past cyberattacks by the DPRK Lazarus / Bluenoroff group against other companies in the crypto industries,” Bitrefill said Tuesday on X, referring to the specialized Bluenoroff hacking subgroup.

According to Bitrefill, the hackers were able to drain some of the company’s hot wallets and place suspicious purchases with its vendors. It is unclear how much was lost through the attack, which was also allegedly able to tap into Bitrefill’s “broader infrastructure, including parts of our database and certain cryptocurrency wallets.”

The attack, which allegedly began on March 1, was able to access 18,500 purchase records, potentially revealing “limited customer information,” such as email addresses, crypto payment addresses, and metadata including IP addresses.

About 1,000 of those breached records are at a higher risk of having potentially revealed encrypted customer names. The company said it has contacted those individuals.

The Democratic People’s Republic of Korea (DPRK) is the biggest and most active threat to crypto security today. Chainalysis estimated DPRK-connected groups and individuals stole a record $2.02 billion via crypto thefts in 2025 — including the largest crypto exploit to date, the $1.5 billion hack of Bybit exchange by Lazarus — out of $3.4 billion in total stolen crypto funds.

Bitrefill said the attack began with a compromised employee laptop, an attack vector similar to those used in other attacks. Lazarus, for instance, often tries to embed fraudulent IT workers inside crypto services to gain privileged access to information or funds, Chainalysis said.

Crypto exploits often raise questions about corporate data storage of Personally Identifiable Information (PII). Last year, Coinbase disclosed that cyber criminals had bribed the exchange’s offshore customer service representatives in order to obtain user data and account management records, in an attack that could result in hundreds of millions of dollars in losses.

Bitrefill noted that it does not require mandatory KYC for most purchases, and in cases where KYC is required, “that data is kept exclusively with our external KYC provider, with no backups in our system.”

“Based on our investigation and our logs we don’t have reason to think that customer data was the target of this breach,” Bitrefill said. “There is no evidence that they extracted our entire database, only that the attackers ran a limited number of queries consistent with probing to understand what there was to steal, including cryptocurrency and Bitrefill gift card inventory.”

The company “will absorb” any losses from its operational capital. It worked with cybersecurity firms zeroShadow, SEAL911, RecoverisTeam, and others during its attack response.

“Almost everything is back to normal: payments, stock, accounts,” Bitrefill said, noting it took its systems offline as part of its initial containment response. “Sales volumes are also back to normal, and we are eternally thankful to our customers for your continued confidence in us.”

© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

 
