- Hackers stole $140 million from six Brazilian banks through C&M Software, and an employee sold his login credentials for R$15,000.
- Criminals converted $30-40 million into cryptocurrency and used Latin American exchanges to hide the money.
- The Central Bank temporarily shut down C&M Software, but operations resumed under supervision while police investigated.
Cybercriminals stole approximately $140 million from six Brazilian financial institutions on June 30, 2025, exploiting vulnerabilities in C&M Software’s infrastructure. The technology supplier, which connects banks to Brazil’s Central Bank systems, suffered a devastating breach that exposed reserve accounts across multiple institutions.
The attack represents one of Brazil’s largest financial cybercrimes in recent years. Criminal organizations targeted the third-party provider rather than attacking banks directly, highlighting critical vulnerabilities in the country’s financial technology ecosystem.
Insider Threat Enables Massive Breach
The breach originated from an internal compromise at C&M Software. João Nazareno Roque, a company employee, admitted selling his corporate credentials to attackers for R$5,000 in March 2025. The initial contact revealed sophisticated planning, with suspects demonstrating detailed knowledge of Roque’s position and responsibilities.
Roque received an additional R$ 10,000 to execute specific commands within the system. Instructions arrived through the Notion platform, while payments were delivered in physical currency via courier services. This method avoided digital payment trails that could alert authorities.
The employee’s access gave criminals legitimate pathways into C&M Software’s systems. They exploited these credentials to breach reserve accounts belonging to financial institutions that relied on C&M’s infrastructure for Central Bank communications.
Cryptocurrency Conversion Complicates Recovery Efforts
At least $30-40 million of the stolen funds underwent conversion into cryptocurrencies, including Bitcoin, Ethereum, and Tether. Criminals utilized Latin American over-the-counter brokers and crypto exchanges to obscure transaction trails. Investigators suspect connections to money laundering networks operating through Brazil’s PIX payment infrastructure.
Law enforcement agencies have contacted multiple cryptocurrency exchanges, requesting the freezing of digital assets linked to the case. Several wallet addresses remain under active investigation as authorities work to trace the stolen funds across blockchain networks.
The Central Bank responded by temporarily suspending C&M Software’s access to its systems. Operations resumed under strict supervision on July 3, 2025, with enhanced monitoring protocols. The Central Bank confirmed its internal infrastructure remained secure throughout the incident.
C&M Software has pledged full cooperation with ongoing police investigations. The company implemented additional security measures and underwent comprehensive system audits before resuming operations.
The incident has sparked widespread debate about cybersecurity standards for financial technology providers in Brazil. Regulatory authorities are reviewing oversight mechanisms for third-party companies that interface with critical banking infrastructure.
Disclaimer
The content shared on KryptoVaultDaily is for informational purposes only and does not constitute financial or trading advice. We do not offer guarantees and assume no responsibility for investment decisions based on the material provided. Always research and seek guidance from a licensed financial advisor before trading cryptocurrency or investing.
