Bitrefill hit by network compromise

Incident
First reported
Last updated
Happening score
H score 22
1 unique source, 1 article

Summary

Bitrefill suffered a cyberattack that forced its website and app offline, with restoration still in progress, making it the platform’s most serious security event to date. The attack mattered because it reached production secrets and crypto wallets and exposed customer purchase records, even though user balances were not affected. Investigators tied the intrusion to a compromised employee laptop and stolen credentials.

Related Happenings

North American cryptocurrency company hit by network compromise

Incident
First: 28.04.2026 11:00 Last: 28.04.2026 11:00 Sources 1

About this happening: A North American cryptocurrency company suffered a multi-stage intrusion that began on January 23, 2026, and the attackers kept access for 66 days. The foothold ca...

Drift Protocol hit by cyberattack

Incident
First: 02.04.2026 22:03 Last: 02.04.2026 22:03 Sources 1

About this happening: Drift Protocol disclosed a security-council takeover that drained at least $280 million and left its protocol functions essentially frozen. The attacker used durable...

Latest development: 06.04.2026 19:35

Elliptic and TRM Labs attributed the $280+ million theft from Drift Protocol to North Korean hackers, and Drift said its findings point with medium-high confidence to UNC4736 (AppleJeus/Labyrinth Chollima). The investigation also said the attackers spent at least six months building a functioning operational presence inside the Drift ecosystem, posing as a quantitative firm, meeting Drift contributors at crypto conferences in multiple countries, and continuing discussions over Telegram.

Bitrefill customer purchase records exposed after Bitrefill breach

Data Leak
First: 19.03.2026 19:08 Last: 19.03.2026 19:08 Sources 1

How related: About 18,500 purchase records containing customer email addresses, IP addresses, and cryptocurrency payment addresses were exposed in the breach.

About this happening: Bitrefill suffered a data leak that exposed about 18,500 purchase records, putting customer email addresses, IP addresses, and cryptocurrency payment addresses at risk...

Timeline

  1. 19.03.2026 19:08 1 article · 2mo ago

    Bitrefill detects suspicious activity on its website and app

    Exploitation Observed

    Bitrefill observed access problems affecting its website and app on March 1, 2026, alongside suspicious supplier purchasing patterns, gift card stock exploitation, and drains from some hot wallets.

  2. 19.03.2026 19:08 1 article · 2mo ago

    Bitrefill takes services offline after finding a security issue

    Mitigation Patch Update

    A day later, Bitrefill identified a security issue and took all services offline while containment and restoration work began.

  3. 19.03.2026 19:08 2 articles · 2mo ago

    Bitrefill details investigation findings tied to Bluenoroff / Lazarus

    Technical Analysis Update

    On March 19, 2026, Bitrefill said indicators from the investigation, including the modus operandi, the malware used, on-chain tracing, and reused IP and email addresses, matched past DPRK Lazarus / Bluenoroff activity. It said the intrusion began on a compromised employee's laptop, described escalation into production secrets, parts of the database, and some cryptocurrency wallets, and reported exposure of about 18,500 purchase records and 1,000 purchases with customer names.