On June 30, hackers stole approximately 140 million USD from six Brazilian financial institutions through vulnerabilities at the software service provider C&M.
After the incident was discovered, Brazilian authorities began urgently coordinating to recover the funds and investigate the cause, while temporarily suspending this provider's operations to prevent further risks.
MAIN CONTENT
140 million USD was stolen through software connecting the central bank and Brazilian banks.
Approximately 30-40 million USD of the stolen money was converted into cryptocurrencies through OTC platforms and exchanges.
The incident arose from an internal employee selling access account credentials, posing severe cybersecurity risks to the financial system.
How was the theft of 140 million USD in Brazil discovered?
According to information from the Central Bank of Brazil and law enforcement, the theft occurred when hackers successfully exploited a vulnerability in the software system of C&M, the unit connecting the central bank with many local financial institutions. Between 30 and 40 million USD of this amount was quickly converted into cryptocurrencies such as Bitcoin, Ethereum, and Tether, using OTC platforms and exchanges in the region.
Moreover, Brazilian authorities suspect a money laundering route related to the PIX payment system, an instant money transfer platform developed by the central bank to enhance the speed and convenience of financial transactions.
How did the incident originate from an internal source?
An investigation by Brazil's federal police confirms that the incident resulted from an insider attack. João Nazareno Roque, a software employee at C&M, admitted to selling the company's private login information to hackers for 5,000 R$, as well as receiving an additional 10,000 R$ to execute the operation to seize a large amount of money within the system.
"Cybersecurity is not just a technical issue but also depends on strict compliance with processes and people. Insider threats are the biggest danger in this field."
Mr. Luiz Alves, Director of Cybersecurity, Brazilian Fintech Council, 2024
Information from the case shows that the criminals began approaching Roque in March; his reliable understanding of his work helped the hackers manipulate the system more easily.
Impacts and lessons from the theft of 140 million USD
This event can be seen as an important wake-up call for the fintech industry regarding risks from third-party providers and internal security. Brazil's central bank has largely suspended C&M's operations to prevent further losses while enhancing oversight and cybersecurity efforts.
"For the development of digital finance, we must agree to build a robust security ecosystem, thoroughly preventing risks from all sides."
Mariana Silva, Deputy Governor of the Central Bank of Brazil, June 2024
The case is under thorough investigation, with the aim of ending cyber crimes to protect the financial system and users.
What preventive measures and security improvements should be applied?
Cybersecurity experts recommend enhancing access control processes, training employees on insider risks, and implementing technologies to monitor unusual activities in the system. Strict compliance with international security standards, along with regular audits, helps mitigate risks from internal sources and external vulnerabilities.
Frequently Asked Questions
How does the theft of 140 million USD impact Brazil's financial security?
The incident exposes vulnerabilities in third-party provider management, prompting the need to upgrade comprehensive financial security measures.
What role do cryptocurrencies play in money laundering?
About 30-40 million USD of the stolen money has been converted into cryptocurrencies, helping hackers easily conceal the origin of the money.
Who caused this security incident?
According to the investigation, an internal employee of C&M sold access accounts to hackers and executed the seizure orders.
What did the Central Bank of Brazil do after the incident?
The bank temporarily suspended most of C&M's operations and coordinated with the police on the investigation while enhancing security oversight.
How to prevent similar attacks?
Enhance employee training, strictly control access rights, and implement technology to monitor unusual behavior.
Source: https://tintucbitcoin.com/brazil-dieu-tra-rua-tien-140-trieu-usd/