After two weeks of investigation, the popular crypto store Bitrefill published a detailed report on the cyberattack that occurred on March 1, 2026. Why did we only learn the details now and how serious is it?
📌 How did the breach occur? (Attack vector)
It was a targeted operation. Hackers gained access through an employee's personal laptop, where they discovered outdated credentials. Using them, the attackers were able to penetrate the corporate infrastructure and access the company's hot wallets.
👤 Who is behind the attack?
Analysis of the methods (Modus Operandi) and the malware used points to North Korean groups Lazarus Group and Bluenoroff. These are professional hackers who stole over $2 billion from the crypto sphere in 2025.
📊 Scale of the data leak:
The breach affected 18,500 purchase records.
Data includes: email addresses, IP metadata, and cryptocurrency transaction addresses.
About 1,000 users had encrypted names in their profiles, which may also have been compromised.
⏳ Why did the report come out only now?
The delay from March 1 to 17 was necessary for:
Full forensics: engaging experts (SEAL Org, Zeroshadow) to identify the hackers.
Safe recovery: checks of thousands of integrations with partners to ensure that no 'backdoors' remained.
Direct communication: initially, the company notified the most affected users personally.
✅ Key points for clients:
Funds are safe: Bitrefill covers all losses from working capital.
KYC has not been compromised: Your passports and documents are stored by an external provider and have not been accessed.
The service is operational: The platform is functioning normally, and security measures have been significantly enhanced.
⚠️ ADVICE: If you are a Bitrefill user, expect a surge in phishing. Hackers have your email addresses and know what you purchased. Never enter your passwords or seed phrases via links from emails!
Stay vigilant, as even large services are not immune to staff errors. 🛡️
#Bitrefill #Lazarus #CyberSecurity #CryptoNews #BinanceSquare #SafetyFirst