04.07.2025 19:12

A sophisticated cyberattack targeting C&M Software, a crucial link between Brazilian banks and the Central Bank's PIX system, resulted in the theft of an estimated $140 million (R$800 million) from six financial institutions on June 30th. This audacious heist involved compromising C&M's internal systems, allowing the perpetrators to access and drain reserve accounts within a single day.

The attackers allegedly bribed a C&M employee for a mere R$15,000 (~$2,760) in exchange for login credentials. Exploiting this access, they skillfully employed social engineering techniques to penetrate the central bank's service infrastructure, ultimately targeting the reserve accounts of institutions including Banco BMF. The swift response from the Central Bank of Brazil, disconnecting C&M from the banking system, limited the damage but caused a temporary suspension of PIX services.

A significant portion of the stolen funds, estimated at $30 to $40 million, has already been laundered. According to on-chain investigator ZachXBT, this money was routed through Latin American over-the-counter (OTC) desks and exchanges, ultimately finding its way into Bitcoin, Ethereum, and Tether (USDT). This sophisticated laundering operation highlights the challenges in tracking and recovering cryptocurrency assets.

This incident echoes a recent attack on Coinbase, where compromised customer service agents were similarly bribed to divulge sensitive customer information. The parallels between these attacks underscore the increasing threat posed by insider threats and the vulnerability of financial systems to social engineering tactics. ZachXBT, a prominent blockchain forensics expert, is actively assisting Brazilian law enforcement in tracing the stolen crypto. While he intends to publicly release the relevant cryptocurrency addresses at an appropriate time to aid in asset recovery, the collaboration with authorities signifies a determined effort to recover the stolen funds. The ongoing investigation underscores the evolving challenges in combating increasingly sophisticated cybercrime targeting both traditional and cryptocurrency-based financial systems.