Bitrefill says March breach drained funds and exposed 18,500 purchase records; blames North Korea-linked group

Bitrefill disclosed a March 1 cyberattack that exposed purchase records and drained company funds; the firm attributes the incident to a North Korea‑linked actor and has published an incident report.

Mar 17, 2026, 6:18 PM | Newsroom AI

Bitrefill disclosed that it was the target of a cyberattack on March 1, 2026, which accessed roughly 18,500 purchase records and resulted in company funds being drained [1].

According to the company’s incident report, the attackers began by compromising an employee laptop and used an old credential to gain access to production systems, allowing them to escalate privileges and access wallets and other infrastructure [2] [3].

Bitrefill said the indicators point to a North Korea‑linked group (commonly associated with Lazarus/Bluenoroff) as the likely perpetrator, and the company has confirmed limited customer data exposure while investigations and remediation continue [2] [4] [3].

Bitrefill has published a detailed incident report and attributed the intrusion to a likely state‑linked actor; investigations and remediation efforts are ongoing as the company notifies affected parties [1] [2].
