{"id":7952,"date":"2026-03-18T10:42:12","date_gmt":"2026-03-18T10:42:12","guid":{"rendered":"https:\/\/dailystreetchronicle.com\/index.php\/2026\/03\/18\/crypto-platform-bitrefill-hacked-18500-user-records-exposed-in-cyberattack\/"},"modified":"2026-03-18T10:42:12","modified_gmt":"2026-03-18T10:42:12","slug":"crypto-platform-bitrefill-hacked-18500-user-records-exposed-in-cyberattack","status":"publish","type":"post","link":"https:\/\/dailystreetchronicle.com\/index.php\/2026\/03\/18\/crypto-platform-bitrefill-hacked-18500-user-records-exposed-in-cyberattack\/","title":{"rendered":"Crypto Platform Bitrefill Hacked: 18,500 User Records Exposed in Cyberattack"},"content":{"rendered":"

The post Crypto Platform Bitrefill Hacked: 18,500 User Records Exposed in Cyberattack<\/a> appeared first on Coinpedia Fintech News<\/a><\/p>\n

Crypto payments platform Bitrefill has confirmed a major cyberattack on March 1, 2026, with signs pointing to the North Korea-linked Lazarus Group<\/a>. The Bitrefill attack exposed internal systems, drained crypto wallets, and accessed around 18,500 user records. Let\u2019s understand how the Bitrefill hack happened and whether user data is safe.<\/p>\n

How the Bitrefill Hack Happened?<\/h2>\n

The Bitrefill hack began in a simple but most dangerous manner, through a compromised employee’s laptop. In an X post, Bitrefill said Hackers managed to steal old login credentials, which gave them access to internal systems.\u00a0<\/p>\n

Stolen login details helped attackers enter internal systems and move deeper into the company\u2019s infrastructure.<\/p>\n

From there, they accessed parts of the database and crypto hot wallets, allowing them to transfer funds to external addresses.<\/p>\n

\n
\n
\n

March 1st incident report<\/p>\n

On March 1, 2026, Bitrefill was the target of a cyberattack. Based on indicators observed during the investigation – including the modus operandi, the malware used, on-chain tracing and reused IP + email addresses (!) – we find many similarities\u2026<\/p>\n

— Bitrefill (@bitrefill) March 17, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

As the attack happened, the company first noticed unusual activity when attackers started misusing its gift card system. At the same time, funds were being moved from hot wallets.<\/p>\n

Once detected, Bitrefill quickly took all systems offline to stop further damage and secure its platform.<\/p>\n

18,500 User Records Exposed<\/h3>\n

Bitrefill confirmed that about 18,500 purchase records were accessed. This data included email IDs, crypto wallet addresses, and technical details such as IP addresses. <\/p>\n

In around 1,000 cases, customer names may also have been exposed. The company said this data was encrypted but still treated as potentially compromised.<\/p>\n

Despite the breach, Bitrefill said it stores very little personal data and does not require full KYC. Any sensitive user data is kept with external providers, not on its own systems.<\/p>\n

Lazarus Group Suspected of Being Behind This Attack<\/h3>\n

Following the attack pattern, Bitrefill said the incident shows strong similarities to past attacks linked to the North Korea state-sponsored Lazarus Group<\/a>.<\/p>\n

These similarities include malware patterns, reused systems, and on-chain fund movements.<\/p>\n

Bitrefill Began an Investigation Following The Hack<\/h3>\n

Further, in a post, Bitrefill said it began working with cybersecurity experts, blockchain analysts, and law enforcement to investigate the breach.<\/p>\n

The company is now improving its system by adding stronger controls, more robust monitoring, and faster response plans.<\/p>\n

For users, Bitrefill said there is no need for immediate action but advised staying alert for phishing emails or suspicious messages.<\/p>\n

\n
\n
Never Miss a Beat in the Crypto World!<\/h5>\n

Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.<\/p>\n<\/p><\/div>\n

\n
\n
\n