Hackers Steal 800 Million Reais From Brazilian Banks Via Insider Access

Hackers successfully stole approximately 800 million Brazilian reais ($140 million) from six financial institutions on June 30. The breach targeted C&M Software, a firm that connects banks to Brazil’s Central Bank and the PIX payment system. The attack was facilitated by a C&M employee who provided attackers with his login credentials in exchange for payments totaling about $4,600. This access allowed the hackers to issue unauthorized fund transfer instructions, moving the stolen funds from central bank reserve accounts to commercial bank accounts.

Around $40 million of the stolen funds was converted into cryptocurrencies such as Bitcoin, Ethereum, and USDT. The attackers utilized Latin American crypto exchanges and over-the-counter (OTC) platforms to launder the funds. The funds were quickly structured across exchanges in Brazil, Argentina, and Paraguay, with some OTC desks flagging the activity due to unusually high amounts. Authorities are collaborating with exchanges to freeze any remaining balances tied to the incident. This attack occurred just days after the country ended its crypto tax exemption and implemented a flat 17.5% rate on capital gains.

In response to the breach, Brazil’s central bank immediately ordered all institutions to disconnect from C&M Software. Two days later, the bank restored connections after confirming that core systems were not compromised. Police arrested the C&M employee involved and froze approximately R $270 million ($55 million) in linked assets. Investigators reported that the suspect frequently changed phones to avoid detection. Law enforcement continues to trace the remaining funds and search for additional suspects. Brazilian prosecutors and on-chain analysts are coordinating to block wallets and trace digital transactions, with the investigation remaining under federal oversight.

Security experts have warned that centralized digital systems remain vulnerable to insider threats and social engineering. This breach highlights how a single compromised login can result in significant financial losses. The rise of artificial intelligence has made such attacks easier to execute and harder to detect. In 2024 and early 2025, there was a notable increase in hacks on centralized crypto exchanges. Cybercriminals are increasingly targeting platforms with single points of failure to maximize their returns. CertiK reported $2.5 billion in losses from crypto-related hacks and scams in early 2025, with most incidents occurring on Ethereum and Bitcoin networks.

In light of this incident, authorities in Brazil may implement stricter access rules for vendors connecting to the central bank. Changes to the PIX and reserve account systems are also under consideration as the investigation continues. This breach underscores the need for enhanced security measures and vigilance in protecting financial systems from sophisticated cyber threats.