Bitrefill Discloses Data Breach Linked to Suspected North Korean Hackers

Summary
On March 1, 2026, Bitcoin payment service Bitrefill disclosed a security breach following a suspected North Korean hacking attempt. The attack exploited a compromised employee laptop, resulting in partial exposure of its database. The incident aligns with tactics historically used by the DPRK-linked Lazarus/Bluenoroff group. Approximately 18,500 purchase records were affected, including email addresses, IP metadata, and cryptocurrency addresses. Around 1,000 records containing encrypted names may have been accessed. Bitrefill stated that customers do not need to take immediate action but should remain vigilant for phishing attempts. The company has isolated the breach and is collaborating with cybersecurity experts and law enforcement. Operations are nearly restored to normal, with no anticipated financial impact. Bitrefill plans to strengthen its security protocols, particularly regarding access controls and monitoring. The breach occurs amid growing concerns over inflation data and escalating cybersecurity threats within the cryptocurrency sector.

ChainCatcher report: Bitcoin payment service Bitrefill disclosed on X that it suffered a cyberattack on March 1, 2026, resulting in a customer data breach. The attack originated from a compromised employee laptop, allowing attackers to access certain databases and cryptocurrency wallets. Investigation findings indicate that the attack methodology closely resembles past campaigns against crypto firms by the North Korea-linked (DPRK) Lazarus/Bluenoroff hacking group. Approximately 18,500 purchase records contained limited customer information (email addresses, cryptocurrency payment addresses, and IP metadata), while around 1,000 records included encrypted customer names that may have been accessed. Bitrefill stated that customers do not need to take any specific action but are advised to remain vigilant for suspicious communications. The company added that the affected systems have been shut down and isolated, and that it is collaborating with security experts, on-chain analysts, and law enforcement; operations are now nearly fully restored. Bitrefill emphasized that it remains financially sound and profitable, capable of absorbing this loss, and will continue strengthening its cybersecurity measures, including internal access controls, monitoring, and incident response protocols.
