Hackers stole $140 million from Brazilian banks after a C&M employee gave attackers access to central bank systems.
Around $40 million in stolen funds was converted to crypto and moved through exchanges across Latin America.
Brazil's central bank cut ties with C&M then restored access after confirming core systems were not affected.
Hackers stole around 800 million Brazilian reais ($140 million) from six financial institutions on June 30. The breach targeted C&M Software, a firm that connects banks to Brazil’s Central Bank and the PIX payment system.
https://twitter.com/CryptoNewsHntrs/status/1941151415310970903
Authorities said a C&M employee gave attackers his login credentials in exchange for payments totaling about $4,600. He later created a second access point which helped the hackers issue unauthorized fund transfer instructions. The stolen funds were moved from central bank reserve accounts to commercial bank accounts.
Crypto Conversion and Cross-Border Transfers
Blockchain investigator ZachXBT estimated that $30 to $40 million was converted into Bitcoin, Ethereum, and USDT. The attackers used Latin American crypto exchanges and OTC platforms to launder the funds.
Funds were structured across exchanges in Brazil, Argentina, and Paraguay within hours of the initial breach. Some OTC desks flagged the activity due to unusually high amounts. Authorities are working with exchanges to freeze any remaining balances tied to the incident. The attack comes days after the country ended its crypto tax exemption and set a flat 17.5% rate on capital gains.
Swift Response from Regulators and Police
Following the attack, Brazil’s central bank ordered all institutions to disconnect from C&M Software immediately. Two days later, the bank restored connections after confirming that core systems were not compromised.
Police arrested the C&M employee involved and froze roughly R $270 million ($55 million) in linked assets. Investigators reported that the suspect changed phones every two weeks to avoid detection. Law enforcement is still tracing the remaining funds and looking for additional suspects.
Brazilian prosecutors and on-chain analysts are coordinating to block wallets and trace digital transactions. The investigation remains under federal oversight.
Centralized Systems Under Increased Threat
Security experts have cautioned that centralized digital systems are still at risk of insider threats and social engineering. This breach demonstrates how a single infiltrated login can lead to massive theft.
The rise of artificial intelligence has also made such attacks easier to execute and harder to detect. In 2024 and early 2025, hacks on centralized crypto exchanges increased significantly.
Cybercriminals now target platforms with single points of failure to maximize returns. CertiK reported $2.5 billion in losses from crypto-related hacks and scams in early 2025. Most of these incidents occurred on Ethereum and Bitcoin networks.
Authorities in Brazil may now tighten access rules for vendors connecting to the central bank. Changes to PIX and reserve account systems are also under consideration as the probe continues.
