Bitrefill details 1 March 2026 cyberattack that emptied hot wallets and exposed 18,500 records

On 1 March 2026, Bitrefill reported a cyber incident in which attackers drained funds from its hot wallets and accessed parts of its infrastructure. The breach involved misuse of its gift card supply system and exposed around 18,500 purchase records, including email and crypto payment addresses. Bitrefill said it has restored most services, will cover the losses from operational capital, and has tightened security controls after the attack.