Atlas21
  • ‎
No Result
View All Result
Atlas21
No Result
View All Result
Atlas21
Home Bitcoin

Bitrefill hit by hacker attack: the Lazarus Group is believed to be behind it

Newsroom by Newsroom
March 17, 2026
in Bitcoin
address poisoning
Share on FacebookShare on TwitterShare on Linkedin

The North Korean group is suspected to be behind the cyberattack that drained wallets and compromised 18,500 transactions on the Bitcoin e-commerce platform.

On March 1, Bitrefill was targeted by a cyberattack believed to be attributable to the Lazarus Group, a cybercriminal organization linked to the North Korean regime.

March 1st incident report

On March 1, 2026, Bitrefill was the target of a cyberattack. Based on indicators observed during the investigation – including the modus operandi, the malware used, on-chain tracing and reused IP + email addresses (!) – we find many similarities…

— Bitrefill (@bitrefill) March 17, 2026

The breach began through a compromised employee laptop. From that device, the attackers were able to extract outdated credentials, which opened access to a snapshot containing sensitive production data. Once inside, the escalation was rapid.

Starting from the initial credentials, the group expanded its access across the entire corporate infrastructure, penetrating critical portions of the database and reaching operational wallets (hot wallets).

The first warning sign emerged from the analysis of purchasing patterns. The Bitrefill team detected suspicious anomalies in transactions involving certain suppliers: gift card inventory was being systematically exploited. At the same time, funds held in hot wallets were being drained and transferred to addresses controlled by the attackers.

Investigators identified multiple indicators pointing to the Lazarus/Bluenoroff Group, the DPRK’s operational arm in cyberspace. Bitrefill worked closely with cybersecurity experts, incident response specialists, blockchain analysts, and law enforcement to reconstruct the incident and close the vulnerabilities.

Compromised data

Approximately 18,500 purchase transactions were compromised during the breach. The exposed data included email addresses, digital asset payment addresses, and metadata such as users’ IP addresses.

For a subset of around 1,000 transactions – where the purchase of specific products required a name – this data was encrypted in the database. However, given that the attackers may have gained access to the decryption keys, Bitrefill is treating this information as potentially compromised. Affected customers have already been directly notified via email.

Post-attack security measures

The company has implemented a multi-layered cybersecurity reinforcement plan:

  • comprehensive reviews with penetration testing conducted by multiple external experts;
  • further tightening of internal access controls;
  • enhanced logging and monitoring for faster anomaly detection;
  • refinement and continuous testing of incident response and automatic shutdown procedures.

At this time, based on the available information, Bitrefill does not believe any specific action is required from customers. As a general precaution, the company recommends remaining vigilant toward unexpected communications mentioning Bitrefill or digital asset-related topics, which may represent potential phishing or social engineering attempts.

Previous Post

Australia: Senate approves bill on digital asset licensing

Next Post

USA: SEC and CFTC declare that most digital assets are not securities

Latest News

stablecoin
Crypto

The digital ruble and the digital euro are the same prison with different walls

by Federico Rivi
July 3, 2026
0

Moscow and Frankfurt speak different languages but are building the same architecture: programmability, transaction surveillance, abolition of monetary privacy.

Read moreDetails
criptovalute
Industry

Russia to roll out the digital ruble at scale by September

by Newsroom
July 3, 2026
0

The Bank of Russia's timeline moves the digital ruble from pilot to national monetary infrastructure, with direct implications for the...

Read moreDetails
Jeff Booth: Bitcoin is a protocol, not an asset
Bitcoin

Jeff Booth: Bitcoin is a protocol, not an asset

by Newsroom
July 2, 2026
0

The distinction between store of value and monetary protocol determines, according to Booth, the very fate of the network over...

Read moreDetails
La Fed pubblica i primi dati dello studio sui pagamenti 2025
Industry

Fed releases first data from the 2025 payments study

by Newsroom
July 2, 2026
0

The Federal Reserve's triennial study captures a system digitalising under state stewardship: whoever controls payment infrastructure data controls the currency.

Read moreDetails
Raccontare Bitcoin tramite l’arte
Feature

The Fed’s independence is a legal fiction

by Federico Rivi
July 1, 2026
0

The SCOTUS rulings of 29 June 2026 on independent agencies reveal that the American central bank has always been, in...

Read moreDetails
Atlas21

© 2026 Atlas21

Navigate Site

  • Editorial Policy
  • Cookie Policy
  • Privacy Policy
  • Team

Follow Us

No Result
View All Result
  • Bitcoin 101
    • What Is Bitcoin? A Complete Guide
    • Bitcoin Security: A Complete Guide
    • Bitcoin Privacy: A Complete Guide
    • Lightning Network: A Complete Guide
    • Bitcoin Mining: A Complete Guide
    • Advanced Bitcoin: A Technical Guide
  • Learn
  • Latest News
  • Interviews
  • Opinion
  • Feature
  • B2B Services
  • About Us
  • Contacts

© 2026 Atlas21

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site, we will assume that you are happy with it.