// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / Bitrefill
Breach Record

Bitrefill

DISCLOSED 2026-03-18 · STOLEN CREDS · 18,500 RECORDS EXPOSED

Bitrefill suffered a cyberattack linked to North Korea's Lazarus Group, resulting in the exposure of 18,500 customer records. The attackers gained access using compromised employee credentials. The breach highlights the risk of credential theft in the cryptocurrency sector.

The record

What we know

Disclosed
2026-03-18
Attack vector
Stolen Creds
Sector
cryptocurrency
Records exposed
18,500
Domain
bitrefill.com
Data classes exposed
customer records
ENDPOINT INVOLVED
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · partial · opinion

A positive-security model could have prevented unauthorized access from new or unusual endpoints after credential theft, but if the attacker used legitimate credentials from an approved endpoint, it might not have blocked the initial access.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the Bitrefill disclosure. It updates if new public reporting emerges. All tracked breaches →

Bitrefill just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →