2
7
Bitrefill, a company that sells gift cards and digital products using cryptocurrency, announced that it was attacked on March 1, 2026, and published a detailed incident report regarding the cyberattack. The company believes that the attack was most likely carried out by the North Korean-linked Lazarus/Bluenoroff group.
According to Bitrefill, the attack began via a compromised employee laptop. Using an old credential from this device, the attackers gained access to production data within the system. This access allowed them to obtain broader privileges within the company infrastructure, including access to certain sections of the database and specific cryptocurrency wallets.
The company discovered the attack thanks to unusual purchasing behavior detected in transactions with suppliers. Investigations revealed that gift card stocks had been misused and funds had been transferred from some hot wallets to the attackers’ addresses. Following the detection of the incident, Bitrefill quickly took its systems offline and initiated the response process.
While it was confirmed that some of the company’s crypto assets were seized during the attack, Bitrefill was forced to temporarily suspend all its operations. It was noted that restoring the systems would be a complex process due to the platform’s global reach and its involvement with numerous suppliers and payment systems.
The company informed affected users that the stolen data was encrypted, but the attackers may have gained access to the encryption keys.
The company stated that it remains financially stable following the incident and that losses will be covered from operating capital. Payments, inventory, and user accounts on the platform have largely returned to normal, and transaction volumes have reached their previous levels.
*This is not investment advice.
bitcoinworld.co.in
coinedition.com
cointelegraph.com
