A massive cybersecurity breach struck Brazil’s financial system on Wednesday, when hackers infiltrated C&M Software — the key service provider linking Brazil’s Central Bank to local banks — and stole over 800 million reais ($140 million) from six institutions connected to the central bank.
The breach was allegedly enabled by a C&M Software employee who sold his login credentials for just $2,700, according to São Paulo. These credentials granted hackers direct access to the software system that manages reserve accounts. Once inside, the attackers siphoned off funds from connected institutions without immediate detection.
Blockchain analyst ZachXBT reported that between $30 million and $40 million of the stolen funds were quickly converted to Bitcoin (BTC), Ether (ETH), and USD Tether (USDT). The laundered funds were moved through Latin American crypto exchanges and over-the-counter (OTC) trading platforms, complicating recovery efforts.
The breach underscores the growing risks associated with centralized digital infrastructure. Experts warn that single points of failure — such as a single set of credentials — can lead to catastrophic losses. According to Chainalysis, centralized crypto exchanges (CEXs) saw a notable rise in hacks in late 2024, as attackers increasingly target such vulnerable platforms.
Eran Barak, CEO of Shielded Technologies, said cybercriminals see high ROI in attacking centralized systems that hold vast troves of capital and data. He emphasized the importance of privacy tools and zero-knowledge proofs (ZKPs) in deterring future threats by decentralizing targets.
As cybersecurity threats escalate, experts are calling for a shift toward decentralized and privacy-preserving infrastructures to protect against increasingly sophisticated, AI-assisted hacking strategies.
