Bitrefill Discloses March Data Breach Linked to DPRK Lazarus Hackers

Summary
On March 1, 2026, Bitcoin payment service Bitrefill disclosed a security breach tied to a compromised employee laptop. The incident exposed customer data, including email addresses, cryptocurrency payment addresses, and IP metadata, affecting approximately 18,500 records. Around 1,000 records containing encrypted names may also have been accessed. The attack exhibits similarities to previous activities attributed to the DPRK-linked Lazarus group. Bitrefill stated that no customer action is required but advised users to remain vigilant against suspicious communications. The company has isolated affected systems and is collaborating with security experts and law enforcement. It also noted that its financial position, supported by inflation data and operational profits, enables it to absorb the loss while strengthening its security measures.

Odaily Planet Daily reports that Bitcoin payment service Bitrefill disclosed on X that it suffered a cyberattack on March 1, 2026, resulting in a customer data breach. The attack originated from a compromised employee laptop, allowing attackers to access certain databases and cryptocurrency wallets. Investigations indicate that the attack methodology closely resembles past campaigns against crypto companies by the DPRK-linked Lazarus/Bluenoroff hacking group. Approximately 18,500 purchase records containing limited customer information—such as email addresses, cryptocurrency payment addresses, and IP metadata—were exposed; around 1,000 of these records included encrypted customer names that may have been accessed. Bitrefill stated that customers do not need to take specific actions but are advised to remain vigilant for suspicious communications.

Bitrefill stated that the affected systems have been isolated, and it is collaborating with security experts, on-chain analysts, and law enforcement. Operations are now nearly back to normal. The company emphasized that it remains financially sound and profitable in the long term, with sufficient funds to absorb this loss, and will continue strengthening its cybersecurity measures, including internal access controls, monitoring, and incident response protocols.
