Bitrefill discloses suspected North Korean hacker attack in early March leading to customer data breach, has shut down related systems for isolation

Odaily News Bitcoin payment service provider Bitrefill disclosed on platform X that it suffered a cyber attack on March 1, 2026, resulting in customer data exposure. The attack originated from a compromised employee laptop, leading to partial database and cryptocurrency wallet access by the attackers. The investigation indicates that the attack method closely resembles past attacks by the North Korean DPRK Lazarus/Bluenoroff hacker group targeting crypto companies. Approximately 18,500 purchase records involved limited customer information (email, encrypted payment addresses, and IP metadata), with around 1,000 records containing customer names stored encrypted but potentially accessible. Bitrefill stated that customers do not need to take special action but advised vigilance against unusual messages.

Bitrefill further added that it has currently shut down and isolated the related systems and is collaborating with security experts, on-chain analysts, and law enforcement. Operations have now almost returned to normal. The company emphasized that its business is profitable long-term and well-funded, capable of absorbing the losses from this incident, and will continue to strengthen cybersecurity measures, including internal access controls, monitoring, and emergency response mechanisms.