Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Cryptocurrency platform Bitrefill reported a breach resulting in the exposure of data for 18,500 users., 2026/03/18 11:44:09
The cryptocurrency platform Bitrefill, which enables users to purchase goods and gift cards using cryptocurrencies, announced that it fell victim to a hacking incident on March 1. The company did not disclose the extent of the damage but stated that it would cover the losses from its own funds.
According to Bitrefill, the attackers gained access to the system through a compromised employee laptop, from which outdated credentials were stolen. As a result, the hackers were able to access approximately 18,500 purchase records.
The leaked information includes users’ email addresses, cryptocurrency payment addresses, and IP addresses. The company detected the incident after noticing suspicious purchases of gift cards from certain suppliers.
Related Posts
Bitrefill clarified that the attack involved malware, blockchain monitoring, as well as the reuse of IP addresses and email addresses.
The attackers also managed to withdraw funds from several of the platform’s hot wallets. However, the company did not disclose the amount of stolen funds. Bitrefill suspects that North Korean hacker groups Lazarus and Bluenoroff may be involved in the attack.
The company stated that the consequences of the incident have been addressed: payments, accounts, and sales volumes have returned to normal. Users were advised to remain vigilant and avoid clicking on suspicious links related to cryptocurrencies or the Bitrefill service.
The platform has notified law enforcement and engaged cybersecurity firms, including Security Alliance, FearsOff Security, Recoveris.io, and zeroShadow, to assist in the investigation. Additionally, Bitrefill has enhanced access controls and monitoring systems to prevent similar attacks in the future.
The Lazarus group is regarded as one of the most dangerous threats to the cryptocurrency industry. According to on-chain analyst ZachXBT, it may be responsible for the hack of the cryptocurrency exchange Bybit, which resulted in the theft of approximately 400,000 ETH valued at $1.4 billion.
