Bitrefill Discloses Hack, Suspected North Korean Hacker Group Implicated

BlockBeats News, March 18: Cryptocurrency e-commerce platform Bitrefill released an incident report stating that the company suffered a cyberattack on March 1, 2026. The investigation found that the attack vector, malware, and on-chain fund flows were highly similar to previous attacks on the cryptocurrency industry by the North Korean hacker groups Lazarus Group / Bluenoroff.

Bitrefill stated that the attack originated from a compromised employee laptop. After stealing old credentials, the attacker gained access to the system and obtained a snapshot containing production keys. The attacker then escalated privileges to access parts of the database and the cryptocurrency wallets, and transferred funds out of the hot wallet.

After discovering abnormal gift card purchases and inventory exploitation, the company confirmed the intrusion and immediately shut down all systems for emergency response. Bitrefill said the attackers accessed approximately 18,500 purchase records that include email addresses, cryptocurrency payment addresses, IP addresses, and other information. Around 1,000 orders contained encrypted name information, and the affected users have been notified.

The company stated that there is currently no evidence of a full database theft and believes that customers do not need to take additional action. However, it advised caution against any communication that impersonates Bitrefill or is related to cryptocurrency assets. The platform said it will continue to enhance security audits, permission controls, and monitoring systems to prevent similar incidents in the future.
