C&M Software Cyberattack Results in $140 Million Theft from Brazilian Central Bank

Generated by AI AgentCoin World
Friday, Jul 4, 2025 4:42 pm ET1min read
BTC
--
ETH
--

On June 30, 2025, a significant cyberattack targeted C&M Software, a service provider for the Brazilian Central Bank. The breach allowed unauthorized access to six reserve accounts, resulting in the theft of approximately $140 million. The attackers exploited a vulnerability created by purchasing login information from an employee of C&M Software for a mere $2,760. This small investment enabled the hackers to gain access to millions of dollars worth of funds.

The stolen funds were swiftly converted into cryptocurrencies, including

Bitcoin
(BTC),
Ethereum
(ETH), and Tether (USDT). The hackers utilized over-the-counter (OTC) markets and cryptocurrency exchanges in Latin America to launder the money. According to blockchain investigators, roughly $30 million to $40 million of the stolen funds were converted into these digital assets. The use of OTC brokers and the PIX payment system facilitated the rapid conversion and transfer of the funds, making it difficult to trace the transactions.

The incident highlights the growing threat of cybercrime in the financial sector, particularly the vulnerability of financial institutions to attacks that exploit human error and weak security protocols. The hackers' ability to convert a significant portion of the stolen funds into cryptocurrencies underscores the challenges faced by law enforcement in tracking and recovering illicit funds. Despite the serious nature of the breach, the incident received limited media coverage outside of Brazil, raising concerns about the transparency and communication of such security incidents.

Cryptocurrency researcher ZachXBT has been instrumental in tracking the stolen funds and identifying the wallet addresses involved in the incident. ZachXBT's efforts have helped freeze some accounts and gather information on the OTC brokers conducting illegal transactions. The researcher has also pledged to share the wallet addresses related to the incident with the public at an appropriate time, aiming to assist in the recovery of the stolen funds and bring the perpetrators to justice.

The Brazilian Central Bank has taken immediate action in response to the breach, implementing measures to enhance security and prevent future incidents. The bank's swift response is crucial in restoring public trust and ensuring the integrity of the financial system. The incident serves as a reminder of the importance of robust cybersecurity measures and the need for continuous vigilance in protecting financial institutions from cyber threats.