Bitrefill, a Sweden-based crypto e-commerce platform, disclosed on Tuesday that it was hit by a cyberattack on March 1, 2026, in an incident the company suspects was carried out by hackers linked to North Korea’s Lazarus Group. According to a post-mortem report, the breach led to drained funds and exposed a subset of user information.
Incident Overview
In its post-mortem, Bitrefill said the attackers infiltrated its systems on March 1, resulting in the theft of company funds and the exposure of some user data. The firm did not immediately provide further technical details but characterized the event as a targeted intrusion.
Suspected Ties to Lazarus Group
Bitrefill attributed the attack to hackers believed to be associated with the Lazarus Group, a threat actor widely linked by governments and security researchers to North Korea. The group has been implicated in multiple high-profile cyber operations, including thefts from cryptocurrency platforms, due to the sector’s liquidity and cross-border nature.
Impact and Company Response
The company reported that only a subset of user information was exposed, though it did not specify the categories or number of affected accounts in the initial disclosure. Bitrefill said it has published a detailed post-incident analysis and is working to mitigate risks stemming from the breach. Further updates are expected as the investigation progresses.
About Bitrefill
Founded in Sweden, Bitrefill operates a crypto-focused e-commerce marketplace best known for enabling users to purchase gift cards and mobile top-ups using digital assets. The platform’s global footprint and crypto-native services have made it a notable player in the digital commerce ecosystem, and therefore a potential target for financially motivated threat actors.