North Korean Lazarus Hackers Drain Funds from Crypto E-Commerce Giant Bitrefill

Author: Bitcoinist
Published: 2026-03-18 02:00:45

Crypto e-commerce platform Bitrefill has been hit by a major cyberattack, with funds drained and user data exposed in a breach linked to North Korea's notorious Lazarus hacking group. The Sweden-based company disclosed the March 1, 2026, attack in a post-mortem report released Tuesday, making it another high-profile crypto-sector target of state-sponsored hackers.

18,500 Purchase Records Exposed

In a statement shared on social media platform X, Bitrefill explained that the attack exhibited several indicators consistent with previous incursions attributed to the North Korean Lazarus and Bluenoroff groups. 

The attack was initiated through a compromised employee laptop, from which legacy credentials were extracted. These credentials reportedly allowed the attackers to access sensitive data, including a snapshot containing crucial production secrets, ultimately leading to broader access within Bitrefill’s infrastructure, database, and wallets.

The cyberattack was first detected when the team noticed “suspicious purchasing patterns,” indicating that gift card inventories were being misused. As a result, some of the company’s hot wallets were compromised, with funds being redirected to wallets controlled by the attackers. 

Regarding customer data, Bitrefill emphasized that its investigation did not indicate that customers’ information was the primary target of the breach. 

The firm asserted there is no evidence suggesting the attackers accessed the entire database; rather, they executed a limited number of queries, likely in an attempt to probe the system for valuable data, including cryptocurrency and gift card inventories.

However, the company did confirm that the breach involved access to approximately 18,500 purchase records, which contained limited customer information such as email addresses, cryptocurrency payment addresses, and metadata including IP addresses. 

For around 1,000 purchases, customers had to provide names for specific products, and while this information is encrypted, the attackers may have accessed the encryption keys. 

Bitrefill Strengthens Cybersecurity Post-Attack

In response to the cyberattack, Bitrefill is enhancing its cybersecurity measures. This includes thorough reviews and penetration tests conducted by various external experts, as well as implementation of their recommendations.

The platform is also tightening internal access controls, improving logging and monitoring for quicker detection, and refining its incident response protocols alongside automated shutdown strategies.

Additionally, Bitrefill has been collaborating with top industry security experts, incident response teams, on-chain analysts, and law enforcement agencies to gain a deeper understanding of the breach and to implement measures that prevent future occurrences. 

In its statement, the firm clarified that operations are returning to normal. Payment processing, stock availability, and account functionalities are stabilizing. The Bitrefill team concluded:

"Bitrefill was designed to limit the impact if something like this ever happened. Bitrefill remains well funded, has been profitable for several years and will absorb these losses from our operational capital… We will continue to do our best to continue deserving your trust."
