⚡❌ ALERT - Bitrefill revealed that it had been hacked on March 1, 2026, in an incident suspected to be linked to the North Korean group Lazarus/Bluenoroff.
18,500 order records were accessed, including email addresses and crypto addresses.
The breach stemmed from a compromised employee device and the leak of credentials, allowing attackers to access parts of its database and hot wallets and transfer funds.
“Since the incident, our team has been working closely with the industry’s top security researchers, incident response specialists, blockchain analysts, and law enforcement to understand what happened and how we can prevent this from happening again.”
“Approximately 18,500 purchase records were accessed by the attackers. These records contained limited customer information, such as email addresses, crypto payment addresses, and metadata, including IP addresses.
For approximately 1,000 purchases, certain products required customers to provide a name. This information is encrypted in our database. However, since the attackers may have gained access to the encryption keys, we are treating this data as potentially accessible. Customers in this category have already been notified directly via email.”
18,500 order records were accessed, including email addresses and crypto addresses.
The breach stemmed from a compromised employee device and the leak of credentials, allowing attackers to access parts of its database and hot wallets and transfer funds.
“Since the incident, our team has been working closely with the industry’s top security researchers, incident response specialists, blockchain analysts, and law enforcement to understand what happened and how we can prevent this from happening again.”
“Approximately 18,500 purchase records were accessed by the attackers. These records contained limited customer information, such as email addresses, crypto payment addresses, and metadata, including IP addresses.
For approximately 1,000 purchases, certain products required customers to provide a name. This information is encrypted in our database. However, since the attackers may have gained access to the encryption keys, we are treating this data as potentially accessible. Customers in this category have already been notified directly via email.”
41❤️4🤙1
