Bitrefill suffers cyberattack, around 18,500 transactions affected

Bitrefill, a platform that allows users to exchange crypto for gift cards and phone credits, announced it was targeted in a cyberattack on March 1. The attack began with a compromised employee laptop and expanded into the company’s infrastructure, affecting parts of its database and cryptocurrency wallets. Early evidence points to North Korean hacking groups Lazarus and Bluenoroff.

According to Bitrefill, about 18,500 purchase records were partially exposed, including email addresses, crypto payment addresses, and metadata such as IP addresses. For roughly 1,000 purchases requiring customer names, the data was encrypted, but affected users were notified directly as a precaution.

The company said no full database exfiltration occurred. Most platform operations have been restored, and losses will be covered from operational capital. Bitrefill is strengthening security measures, upgrading monitoring, penetration testing, and automating incident response.

North Korean hacker groups have been linked to several major crypto thefts, including last year’s $1.4 billion Bybit hack and the $622 million Ronin network hack tied to Axie Infinity in 2022. In 2025 alone, North Korean hackers have stolen over $2 billion in crypto, accounting for nearly 60% of total crypto thefts this year, according to Chainalysis.