Hackers Steal $140 Million From Brazilian Banks Via C&M Software Breach

Generated by AI AgentCoin World
Friday, Jul 4, 2025 1:27 pm ET1min read
BTC
--
ETH
--

Hackers successfully breached six reserve accounts via C&M Software, a technology supplier connected to Brazil’s Central Bank, extracting approximately $140 million on June 30, 2025. The breach involved a sophisticated attack that compromised the infrastructure provided by C&M Software, allowing the hackers to gain unauthorized access to the reserve accounts of several Brazilian

financial institutions
.

Of the stolen funds, at least $30-40 million was converted into cryptocurrencies, including

Bitcoin
,
Ethereum
, and Tether. The conversion was facilitated through Latin American over-the-counter (OTC) brokers and crypto exchanges. Investigators suspect that the laundering routes were tied to Brazil’s PIX payment infrastructure, which is widely used for digital transactions in the country.

The breach was traced back to an internal compromise within C&M Software. An employee, identified as João Nazareno Roque, admitted to selling his corporate credentials to one of the attackers for R$ 5,000. The initial contact occurred in March, when the suspect demonstrated detailed knowledge of Roque’s job. Later, Roque received an additional R$ 10,000 to execute commands inside the system. Instructions were delivered via the Notion platform, and payments were made in physical currency through a courier.

The Central Bank responded swiftly by ordering C&M Software to suspend access temporarily. By July 3, the company resumed limited operations under supervision. The impacted reserve accounts belong to institutions that used C&M Software to interface with the Central Bank’s systems. The Central Bank’s internal infrastructure was not directly compromised, indicating that the breach was contained to the third-party supplier.

Law enforcement continues to trace the stolen funds, with several exchanges receiving alerts requesting the freezing of crypto assets tied to the case. Some addresses remain under review, and asset recovery efforts are ongoing. Despite the significant scale of the breach, international media coverage has remained limited. In Brazil, the incident has sparked broader discussions on fintech cybersecurity, third-party provider risks, and regulatory oversight. C&M Software has confirmed its cooperation with police, and the case remains under active investigation.