Bitrefill Discloses Customer Data Breach from Suspected North Korean Hacker Attack in Early March

CryptoWorld reports that Bitcoin payment service provider Bitrefill disclosed on the X platform that on March 1, 2026, they suffered a cyberattack resulting in customer data leakage. The attack originated from an employee’s compromised laptop, which led to some databases and cryptocurrency wallets being accessed by the attacker. Investigations show that the attack method closely resembles previous attacks by North Korea’s DPRK Lazarus/Bluenoroff hacking groups targeting crypto companies. About 18,500 purchase records involved limited customer information (email, encrypted payment address, and IP metadata), with approximately 1,000 records containing customer names stored in encrypted form but possibly accessed. Bitrefill states that customers do not need to take special actions but should remain alert for unusual activity. The company added that they have isolated the affected systems, are working with security experts, on-chain analysts, and law enforcement, and have nearly restored normal operations. They emphasize that their business is profitable and well-funded, capable of absorbing the loss, and will continue to strengthen cybersecurity measures, including internal access controls, monitoring, and emergency response mechanisms.