Brazil's Largest Cyberattack: Hackers Steal $180 Million via PIX System

Criminal hackers exploited a critical vulnerability in a Brazilian banking infrastructure on Monday, stealing over R$1 billion (~$180 million) from reserve accounts in what authorities called the largest cyberattack in the country’s financial history. The breach occurred through C&M Software, a Central Bank-authorized service provider that handles API connections for financial institutions in Brazil. This allowed attackers to gain access to multiple bank accounts, including those of banking-as-a-service provider BMP.

Federal Police sources confirmed that the breach was a massive infiltration of Brazil’s national payment system. Stolen funds were immediately routed through cryptocurrency exchanges and over-the-counter desks in an attempt to convert the money into Bitcoin and USDT. Central Bank technicians worked through the night to investigate the incident after C&M was immediately disconnected from the financial system. Multiple crypto service providers blocked suspicious transactions and froze accounts linked to the attack.

C&M Software confirmed in a statement that it was “a direct victim of criminal action, which included the improper use of customer credentials to attempt to fraudulently access its systems and services.” The attackers exploited C&M’s role as a messaging gateway for Brazil’s Instant Payment System (PIX), gaining unauthorized access to transfer protocols that connect banks, fintechs, and payment processors to the national financial infrastructure.

Immediately after the theft, the attackers began moving the stolen funds to cryptocurrency providers integrated with PIX, attempting to purchase USDT and Bitcoin through exchanges, gateways, and OTC desks. SmartPay CEO Rocelo Lopes noted in a statement that his company “detected that there was a problem at 00:18 on June 30, due to the atypical movement on both platforms” and automatically raised validation filters on USDT and Bitcoin purchases. “Large sums of money were withheld and, at the same time, the process of returning them to the institutions involved was carried out,” Lopes explained, adding that many crypto OTC desks denied registration and operations by the hackers.

Industry sources revealed that blockchain monitoring tools detected significant transactions to various cryptocurrency companies, although the exact amount successfully converted to digital assets remains under investigation. Despite the gravity of the attack, BMP emphasized in its official statement that “no BMP customer was impacted or had their funds accessed,” clarifying that the attack “exclusively involved funds deposited in its reserve account at the Central Bank” and that the institution “has sufficient collateral to fully cover the impacted amount.”

This attack adds to the growing concern of crypto’s expanding role as an exit ramp for traditional financial crimes, with digital assets providing liquidity and pseudo-anonymity that cash cannot match at scale. Stablecoins have become particularly attractive to illicit networks, with the Financial Action Task Force recently warning that their use by criminal organizations poses growing risks without coordinated global regulation.

The Brazilian heist follows a pattern of major crypto-related thefts this year, including North Korea’s record $1.46 billion ByBit exchange hack and Chinese police uncovering a $136 million laundering network that used digital currencies for cross-border transfers. Global regulators are struggling to keep pace with these hybrid attacks, where traditional banking systems are breached but digital assets provide the escape route. Recent enforcement actions, such as OKX’s $505 million settlement for anti-money laundering violations, have particularly focused on the role of crypto platforms in facilitating illicit fund flows.

Looking forward, the Brazilian authorities are taking steps to trace the stolen funds across multiple blockchain networks while coordinating with international partners to freeze assets and identify the perpetrators behind the country’s most significant financial cyberattack.