C&M Software Hit by $140 Million Cyberattack, Funds Converted to Crypto

On June 30, 2025, C&M Software, a provider for Brazil’s Central Bank, experienced a significant cyberattack resulting in the theft of approximately $140 million. The breach was facilitated through an insider threat, where João Nazareno Roque, an employee, sold credentials and built exploit tools to gain unauthorized access to the system. This incident underscores the vulnerabilities in financial systems and the broader implications for financial and security sectors.

The cyberattack impacted six financial institutions, prompting the Central Bank of Brazil to suspend C&M Software’s platform access for all institutions immediately post-incident. This measure was taken to contain the damage and ensure system security. The Central Bank noted, "We issued instructions to suspend C&M Software’s platform access for all institutions immediately post-incident to contain the damage and ensure system security."

Brazilian authorities have since frozen $50 million linked to the incident, continuing their investigation to uncover the full network involved. The stolen funds, amounting to between 400 and 800 million BRL (up to $142 million), were rapidly converted into cryptocurrencies such as Bitcoin, Ethereum, and Tether through over-the-counter (OTC) operations across Latin America. This swift conversion made the funds difficult to trace, highlighting the challenges in tracking and recovering stolen funds in digital transactions.

C&M Software CEO Orli Machado acknowledged the severity of the breach, stating that it exposed serious vulnerabilities in the handling of sensitive financial data. The incident underscores the need for enhanced cybersecurity measures and stricter regulations on digital transactions to prevent similar attacks in the future. The attack on C&M Software serves as a stark reminder of the growing threat of cyberattacks on financial institutions. The use of stolen credentials and the rapid conversion of stolen funds into cryptocurrencies demonstrate the sophistication of modern cybercriminals.

Financial institutions must prioritize cybersecurity and implement comprehensive measures to protect sensitive data and prevent unauthorized access. The incident also highlights the need for international cooperation in combating cybercrime, as the stolen funds were laundered through OTC operations across Latin America. Regulatory bodies are showing increased interest in monitoring and safeguarding against similar breaches, which may lead to stricter regulatory measures and enhanced security protocols across financial institutions in Brazil and potentially globally.