Bitrefill
Summary
Bitrefill is a Stockholm-based cryptocurrency e-commerce platform founded in 2014 that allows users to purchase digital gift cards, eSIMs, and mobile top-ups using Bitcoin and other cryptocurrencies across more than 100 countries. On March 1, 2026, Bitrefill suffered a significant cyberattack attributed to the North Korea-linked Lazarus Group (Bluenoroff subunit), in which attackers compromised an employee laptop, escalated access via legacy credentials, drained hot wallets, and exposed approximately 18,500 customer purchase records. Bitrefill stated it would cover all financial losses from operational capital and characterized this as the platform's first major security incident in over a decade of operation.
Connected Entities
1 entities · 10 linked investigationsTimeline(7 events)
2014-01-01
Bitrefill founded in Stockholm, Sweden (formerly incorporated as Pupot AB) by Sergej Kotliar and co-founders
Crunchbase / Tech.eu2019-06-13
Bitrefill raises $2 million seed round led by Coin Ninja, with participation from Charlie Lee, Fulgur Ventures, and BnkToTheFuture; total disclosed funding reaches approximately $2.35 million
Tech.eu2026-03-01
Cyberattack begins: attackers compromise an employee laptop, exfiltrate legacy credentials, escalate to production secrets, drain hot wallets, and access approximately 18,500 purchase records; Bitrefill detects intrusion via anomalous supplier purchasing patterns and takes all systems offline
CoinDesk / BleepingComputer / The Record2026-03-02
Bitrefill publicly discloses a security breach and begins taking services offline; announces investigation is underway
BleepingComputer2026-03-05
Most Bitrefill systems — including payments, stock management, and user accounts — reported restored to normal operation
The Record2026-03-17
Bitrefill publishes formal incident report on X (formerly Twitter), attributing the attack to DPRK Lazarus Group / Bluenoroff based on malware signatures, on-chain tracing, and reused attacker infrastructure
CoinDesk / Decrypt / BleepingComputer2026-03-18
Major media coverage of Bitrefill's Lazarus Group attribution published, including CoinDesk, BleepingComputer, The Record, and Decrypt; Bitrefill states losses will be covered from operational capital and sales volumes have normalized
CoinDeskDecision Log
- hash: 8QFz5QStvC2PQ2KoGgTtyLAqfba1eLHxmt6G7zNv3mT
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 6/4/2026, 3:35:33 AM
last updated: 6/4/2026, 3:35:58 AM
avoid.net — verified advice for a post-truth world