A hacker attack on Brazil’s Central Bank resulted in the theft of approximately $140 million from the reserve accounts of six financial institutions. The incident was made possible by the compromise of an employee at C&M Software, which provides software for interaction between the bank and local financial organizations.
This is reported by Finway
How the Attack Occurred and the Methods of Money Laundering
According to preliminary information, one of the employees at C&M Software sold their credentials for the equivalent of $2,700. This move granted hackers access to internal systems and allowed them to transfer funds from six banks that collaborate with the central bank. Part of the stolen money was converted into Bitcoin, Ethereum, and USDT stablecoins, after which it was laundered through over-the-counter platforms and exchanges located in Latin America.
“Part of the stolen funds was converted into Bitcoin, Ethereum, and USDT stablecoins. The money was laundered through over-the-counter platforms and exchanges in Latin America. This was reported by crypto detective ZachXBT.”
Expert Reactions and Next Steps
Cybersecurity experts point out that this case once again demonstrates the vulnerability of centralized software solutions, especially in the financial infrastructure sector. Analysts emphasize that systems with a single point of failure are becoming increasingly attractive targets for criminals, particularly due to the rapid development of artificial intelligence tools that simplify the execution of attacks.
Eran Barak, CEO of Shielded Technologies, highlighted that cyberattacks on centralized databases are becoming more profitable for malicious actors. In his opinion, decentralized systems are less attractive targets, as compromising one user does not lead to mass losses. Barak also noted that the implementation of secure blockchain solutions and privacy technologies could significantly reduce hackers’ interest in such attacks by decreasing potential profits.
As of July 2025, Brazil’s Central Bank and C&M Software have not officially commented on the losses, and the investigation is ongoing. Authorities are analyzing the level of internal involvement and cybersecurity compliance on the part of the contractor.
It is also worth mentioning that recently in Brazil, three organizers of a cryptocurrency pyramid scheme were sentenced to 171 years in prison.