Bitrefill said it was hit by a March 1 cyberattack linked to North Korean hacking groups, resulting in drained company funds and limited user data exposure.
Bitrefill Says Security Breach Was Likely Connected to Lazarus GroupThe company said it detected the intrusion after identifying suspicious purchasing patterns and irregularities in supplier activity. Investigators later confirmed that attackers exploited gift card inventory systems while simultaneously draining funds from hot wallets to addresses under their control.
Bitrefill emphasized that it stores minimal personal data and does not require mandatory know-your-customer verification, noting that any identity data is handled by external providers rather than stored internally. The company added there is no evidence its full database was exfiltrated.
FAQ What happened in the Bitrefill hack?Bitrefill suffered a March 1 cyberattack that led to drained funds and limited access to customer purchase records. Was customer data stolen?About 18,500 records were accessed, including emails and crypto addresses, but no full database exfiltration was confirmed. Who is suspected behind the attack?Bitrefill said indicators suggest links to North Korea’s Lazarus or Bluenoroff hacking groups. What should users do now?The company advises staying alert for suspicious messages but says no immediate action is required at this time.
