The theft occurred after the hackers allegedly compromised an employee of C&M, a software service provider, by buying the employee’s login credentials.
C&M Software, the service provider that connects Brazil’s Central Bank to local banks and other financial institutions, was hacked on Wednesday, leading to 800 million Brazilian reais ($140 million), in stolen funds from six institutions connected to the central bank.
The hack occurred after an employee of C&M allegedly sold his login credentials to the threat actor for roughly $2,700, allowing them to access the software system and steal funds held in reserve accounts, according to Brazilian news outlet São Paulo.
Onchain detective ZachXBT said the hackers converted an estimated $30 million to $40 million of the stolen funds to Bitcoin (BTC), Ether (ETH) and USDt (USDT), which they laundered through Latin American exchanges and over-the-counter (OTC) trading platforms.
The incident highlights the growing risk of cybersecurity threats facing centralized software systems and servers, where single points of failure can lead to significant financial losses or the theft of sensitive data.
