Bitrefill Discloses Customer Data Breach from Suspected North Korean Hacker Attack in Early March

Odaily Planet Daily reports that Bitcoin payment service provider Bitrefill disclosed on X platform that on March 1, 2026, they suffered a cyberattack resulting in customer data leakage. The attack originated from an employee’s compromised laptop, which led to some databases and cryptocurrency wallets being accessed by the attacker. Investigations show that the attack method closely resembles previous attacks by North Korea’s DPRK Lazarus/Bluenoroff hacking group targeting crypto companies. About 18,500 purchase records involved limited customer information (email, encrypted payment address, and IP metadata), with approximately 1,000 records containing customer names stored in encrypted form but potentially accessible. Bitrefill states that customers do not need to take special action but should remain alert for unusual activity.

Bitrefill added that they have now isolated the affected systems and are working with security experts, on-chain analysts, and law enforcement. Normal operations have nearly resumed. They emphasize that the business is profitable in the long term and financially stable enough to absorb the loss, and they will continue to strengthen cybersecurity measures, including internal access controls, monitoring, and emergency response mechanisms.