Crypto Gift Card Platform Bitrefill Discloses Hack, Points Finger at North Korean Groups
On March 1, 2026, Bitrefill, a crypto-to-gift card and phone credit platform, suffered a cyberattack that began with a compromised employee laptop. The attackers used a legacy credential to escalate access, reaching parts of Bitrefill’s database, cryptocurrency wallets, gift card inventory, and supplier purchasing systems. Bitrefill detected the intrusion after noticing abnormal supplier purchasing patterns and shut down all services for containment. The investigation identified similarities to attacks by the North Korean hacking groups Lazarus and Bluenoroff, including overlapping malware and infrastructure.

Approximately 18,500 purchase records were accessed, including email and crypto payment addresses, metadata, and, for 1,000 purchases, potentially encrypted customer names. Customers in the affected subset were notified. Bitrefill does not require KYC and stores verification info externally. No evidence suggests full database exfiltration, and the company does not expect customers to take immediate action but recommends caution with suspicious communications.

Operations have largely resumed, and losses will be covered internally. Bitrefill is enhancing internal controls and continuing external security assessments.

