A cyberattack targeting a key infrastructure provider for Brazil’s Central Bank has spilled over into the crypto market, with an estimated $40 million in stolen funds converted to Bitcoin, Ethereum, and stablecoins, according to blockchain investigator ZachXBT.
The hack was one of Brazil’s largest financial cyberattacks to date. It compromised C&M Software, a technology firm that connects smaller banks and fintechs to central bank systems, including PIX, the country’s real-time payments platform.
Authorities say hackers gained access after a C&M employee, João Nazareno Roque, sold his corporate login credentials for the equivalent of $2,760.
According to local news outlet g1 Globo, Roque later helped build a system to enable the theft for an additional $1,800.
The attackers used these credentials to divert an estimated 800 million reais, around $140 million, from reserve accounts held by six financial institutions, exploiting the system through a supply chain attack.
ZachXBT reports that at least $30 to $40 million was laundered into major cryptocurrencies via Latin American over-the-counter trading desks and exchanges.
Brazilian authorities have reportedly frozen $50 million in an account linked to the heist, while the full extent of losses and laundering remains under investigation.
The Central Bank has since partially suspended C&M’s system access while authorities scramble to contain the fallout.
Kyle Baird is DL News’ Weekend Editor. Got a tip? Email at [email protected]