Crypto Gift Card Platform Bitrefill Discloses Hack, Points Finger at North Korean Groups – Decrypt




In brief
Bitrefill was hit by a March 1 cyberattack that escalated from a compromised laptop to database and wallet access, with evidence pointing to North Korean hacking groups Lazarus and Bluenoroff.
About 18,500 purchase records were partially exposed; no full database exfiltration occurred, and affected users were notified directly.
Most operations have been restored, losses will be covered by operational capital, and Bitrefill is tightening security measures going forward.
Bitrefill, a platform that lets users trade cryptocurrency for gift cards and phone service credit, disclosed Tuesday that it was targeted in a March 1 cyberattack.

According to the firm, it began with a compromised employee laptop, then expanded into broader infrastructure after attackers exfiltrated a legacy credential tied to a snapshot containing production secrets.

In an incident report posted to X, the company said the attackers moved from initial access into parts of its database and certain cryptocurrency wallets, while also exploiting gift card inventory and supplier purchasing lines. Bitrefill said it detected the breach after spotting suspicious supplier purchasing patterns. Once confirmed, it took all systems offline as part of containment.

The company had previously disclosed on March 1 that it was dealing with a “technical issue” and then later a “security issue,” at which point it took down all services. Tuesday was the first time that Bitrefill provided full details on the attack and potential instigators.
March 1st incident report
On March 1, 2026, Bitrefill was the target of a cyberattack. Based on indicators observed during the investigation – including the modus operandi, the malware used, on-chain tracing and reused IP + email addresses (!) – we find many similarities…
— Bitrefill (@bitrefill) March 17, 2026

The firm said its investigation found several indicators that it described as similar to prior industry attacks from the North Korean state-sponsored hacking groups Lazarus and Bluenoroff, including malware patterns, on-chain tracing, and reused infrastructure. Bitrefill said it has been working with incident responders, on-chain analysts, and law enforcement as the investigation continues.

On customer impact, Bitrefill said logs show no evidence of full database exfiltration, but a subset of records was accessed. The company said roughly 18,500 purchase records were affected, including limited fields such as email addresses, crypto payment addresses, and metadata including IP addresses.

For roughly 1,000 purchases requiring customer names, Bitrefill said these fields were encrypted, but it is treating them as potentially accessed because attackers may have obtained relevant keys. The company said users in that subset were notified directly by email.

Bitrefill said it does not require mandatory KYC and stores verification information with an external provider, rather than in internal backups. Based on current findings, the company said it does not believe customers need to take specific action, while advising caution around unexpected Bitrefill- or crypto-related communications.

The company said most operations are now back to normal, including payments, stock, and accounts, and that losses will be absorbed by operational capital.
Bitrefill also said it is continuing external security reviews and penetration testing, tightening internal access controls, and upgrading logging, monitoring, and incident-response automation.

North Korean hacking groups have been tied by authorities to many prominent crypto industry heists, including last year’s $1.4 billion Bybit exchange hack, and 2022’s $622 million hack of the Ronin gaming network tied to crypto game Axie Infinity. Last year, hackers linked to North Korea swiped over $2 billion worth of crypto, per a report from Chainalysis.