Hackers stole $140 million from Brazil’s central bank infrastructure by bribing an employee of C&M Software, a key technology provider connecting financial institutions to the central bank’s reserve system. The breach occurred on June 30, 2025, when attackers used compromised credentials to siphon funds from six reserve accounts.
The Attack Vector
- Insider compromise: C&M employee João Nazareno Roque sold his corporate login for R$15,000 (~$2,770) and built a secondary access tool for an additional R$10,000
- Real-time control: Hackers manipulated transactions through Brazil’s PIX payment infrastructure, moving funds within hours.
Crypto Laundering
Approximately $30–40 million was converted to cryptocurrencies:
- Assets used: Bitcoin (BTC), Ethereum (ETH), and Tether (USDT).
- Laundering channels: Latin American OTC brokers and crypto exchanges, with transactions routed through Brazil, Argentina, and Paraguay.
- Obstacles: Large Brazilian OTC desks flagged suspicious transactions, complicating laundering efforts 2.
Response & Recovery
- Immediate action: Brazil’s central bank severed C&M’s connections post-breach, restoring services two days later 2 3.
- Funds frozen: Authorities recovered R$270 million ($49.8 million) and are tracking remaining assets 2.
- Investigation focus: Federal police are pursuing four accomplices while Roque remains in custody 2 3.
Systemic Vulnerabilities
The heist highlights critical risks in centralized financial infrastructure, where single-point failures enable large-scale theft. Similar to recent Coinbase breaches, it underscores how low-cost insider bribes can compromise high-security systems 4 3.
