Crypto E-Commerce Platform Bitrefill’s Funds Suffered From North Korean Cyberattack

Bitrefill, a Swedish crypto e-commerce platform, revealed on Tuesday that it was the victim of a cyberattack on March 1, 2026, carried out by suspected North Korean hackers linked to the infamous Lazarus group.

The company has released a post-mortem report detailing the breach, which led to financial losses and the exposure of small amounts of user data.

18,500 Purchase Records Revealed

In a statement shared on social media X, Bitrefill he explained that the attack showed several indicators consistent with previous infiltrations caused by the North Korean groups Lazarus and Bluenoroff.

The attack was launched from a compromised employee’s laptop, from which legacy attributes were extracted. These credentials reportedly allowed the attackers to access sensitive data, including a snapshot containing important manufacturing secrets, leading to extensive access within Bitrefill’s infrastructure, database, and wallets.

The cyberattack was first discovered when the team noticed “suspicious purchase patterns,” indicating that the gift card list was being misused. As a result, some of the companies hot bags were compromised, the money is transferred to funds controlled by the attackers.

Regarding customer data, Bitrefill emphasized that its investigation did not indicate that customer information was the primary target of the breach.

The firm asserted that there is no evidence to suggest that the attackers accessed all of the databases; instead, they used a limited number of queries, presumably in an attempt to test the system for valuable data, including cryptocurrency and gift card assets.

However, the company confirmed that the breach involved access to approximately 18,500 purchase records, which contained limited customer information such as email addresses, cryptocurrency. billing addressesand metadata including IP addresses.

For about 1,000 purchases, customers had to provide the names of certain products, and while this information was encrypted, attackers could have access to the encryption keys.

Bitrefill Strengthens Cybersecurity Post-Attack

In response to the cyberattack, Bitrefill is developing its own cyberattack Internet security measures. This includes comprehensive reviews and penetration tests conducted by various external experts, and implementing their recommendations.

The platform is also strengthening internal access controls, improving logging and monitoring for faster detection, and refining its incident response protocols with automatic shutdown strategies.

Additionally, Bitrefill has been working with the industry’s top security experts, incident response teams, on-chain analysts, and law enforcement agencies to gain deeper insights to break and implementing preventive measures in the future.

In its statement, the company clarified that operations are returning to normal. Payment processing, stock availability, and account operations are stable. The Bitrefill team concluded that:

Bitrefill is designed to limit the impact if something like this happens. Bitrefill remains well funded, has been profitable for several years and will absorb this loss from our operating income… We will continue to do everything we can to continue we must trust you.

Featured image from OpenArt, chart from TradingView.com

Planning process because bitcoinist focuses on delivering well-researched, accurate, and unbiased content. We maintain strict sourcing standards, and each page is diligently reviewed by our team of senior technical experts and experienced editors. This process ensures the integrity, relevance, and value of our content to our readers.