The hack is linked to the compromise of an employee of the software provider C&M Software.
About $140 million was stolen from reserve accounts of six banks.
Funds were laundered through Bitcoin, Ethereum, and USDT on Latin platforms.
Hackers stole about $140 million from reserve accounts associated with the Central Bank of Brazil. This occurred after an attack on C&M Software — the company that provides communication between the regulator and local financial institutions.
According to preliminary data, one of the C&M employees sold his credentials for the equivalent of $2700, which allowed the attackers to gain access to internal systems. Through this access, they withdrew funds from six institutions interacting with the central bank.
Partially stolen funds were transferred to Bitcoin $BTC , Ethereum $ETH and stablecoins USDT. The funds were laundered through over-the-counter platforms and exchanges in Latin America. This was reported by crypto detective ZachXBT.
According to several experts, the incident highlighted the high vulnerability of centralized software solutions, especially in financial infrastructure. Analysts claim that such systems with a single point of failure become easy targets, especially against the backdrop of the development of AI tools that simplify hacking.
The CEO of Shielded Technologies, Eran Barak, previously noted that cybercrime is becoming increasingly profitable when attacking centralized databases. In his opinion, such targets are much more attractive than decentralized systems, where an attack on one user does not yield a large-scale effect.
As Barak pointed out, the transition to secure blockchain solutions and the application of privacy technologies can significantly reduce the motivation for attacks — due to the sharply declining expected profits for hackers.
The Central Bank of Brazil and C&M have not officially commented on the scale of the damage; the investigation is ongoing. Authorities are examining the extent of internal involvement and possible cybersecurity violations by the contractor.
