Brazilian Banking System Suffers $180M Hack in Largest Cyberattack, Funds Diverted via Bitcoin and USDT
Published at:2025年07月04日 08:30
Views:536
In a landmark cybersecurity breach, hackers infiltrated Brazil's financial infrastructure on Monday, siphoning approximately R$1 billion (~$180 million) from reserve accounts. Authorities have classified this as the most significant cyberattack in the nation's banking history.
According to Brazil Journal, the attackers exploited vulnerabilities in C&M Software, a Central Bank-approved service provider managing API connections for Brazilian financial institutions. The breach enabled unauthorized access to multiple bank accounts, including those of banking-as-a-service provider BMP.
Federal Police sources confirmed the attack represents a major compromise of Brazil's national payment system, with stolen funds being rapidly funneled through cryptocurrency exchanges and over-the-counter desks for conversion into Bitcoin and USDT. The Central Bank immediately disconnected C&M from the financial network while investigators worked overnight to assess the damage.
C&M Software acknowledged in a statement to Valor Econômico that it fell victim to criminal activity involving improper use of client credentials. The hackers leveraged C&M's role as a messaging gateway for Brazil's Instant Payment System (PIX), gaining access to critical transfer protocols linking banks, fintechs, and payment processors to national financial infrastructure.
Post-theft, the attackers moved swiftly to convert illicit gains through PIX-integrated cryptocurrency channels. SmartPay CEO Rocelo Lopes reported detecting unusual transaction patterns and implementing enhanced verification measures for USDT and Bitcoin purchases. "Substantial funds were intercepted, with recovery processes initiated for affected institutions," Lopes stated, noting that multiple OTC desks had blocked the hackers' transactions.
While blockchain monitoring tools identified substantial transfers to various crypto firms, the exact amount successfully laundered remains under investigation. BMP confirmed its customers were unaffected, stating the breach exclusively targeted Central Bank reserve accounts, with adequate collateral available to cover losses.
This incident highlights growing concerns about cryptocurrency's role in facilitating large-scale financial crimes. The Financial Action Task Force has recently warned about stablecoins' increasing attractiveness to criminal networks, calling for enhanced global regulatory coordination to address money laundering risks through digital assets.
The Brazilian heist follows a global pattern of crypto-enabled financial crimes, including North Korea's $1.46 billion ByBit exchange hack and China's exposure of a $136 million digital currency laundering network. Authorities worldwide continue grappling with hybrid attacks that exploit traditional financial systems while utilizing cryptocurrency networks for fund diversion.
Brazilian law enforcement is currently tracing the stolen assets across blockchain networks and collaborating with international counterparts to freeze funds and identify the perpetrators behind this unprecedented financial cyberattack.
According to Brazil Journal, the attackers exploited vulnerabilities in C&M Software, a Central Bank-approved service provider managing API connections for Brazilian financial institutions. The breach enabled unauthorized access to multiple bank accounts, including those of banking-as-a-service provider BMP.
Federal Police sources confirmed the attack represents a major compromise of Brazil's national payment system, with stolen funds being rapidly funneled through cryptocurrency exchanges and over-the-counter desks for conversion into Bitcoin and USDT. The Central Bank immediately disconnected C&M from the financial network while investigators worked overnight to assess the damage.
C&M Software acknowledged in a statement to Valor Econômico that it fell victim to criminal activity involving improper use of client credentials. The hackers leveraged C&M's role as a messaging gateway for Brazil's Instant Payment System (PIX), gaining access to critical transfer protocols linking banks, fintechs, and payment processors to national financial infrastructure.
Post-theft, the attackers moved swiftly to convert illicit gains through PIX-integrated cryptocurrency channels. SmartPay CEO Rocelo Lopes reported detecting unusual transaction patterns and implementing enhanced verification measures for USDT and Bitcoin purchases. "Substantial funds were intercepted, with recovery processes initiated for affected institutions," Lopes stated, noting that multiple OTC desks had blocked the hackers' transactions.
While blockchain monitoring tools identified substantial transfers to various crypto firms, the exact amount successfully laundered remains under investigation. BMP confirmed its customers were unaffected, stating the breach exclusively targeted Central Bank reserve accounts, with adequate collateral available to cover losses.
This incident highlights growing concerns about cryptocurrency's role in facilitating large-scale financial crimes. The Financial Action Task Force has recently warned about stablecoins' increasing attractiveness to criminal networks, calling for enhanced global regulatory coordination to address money laundering risks through digital assets.
The Brazilian heist follows a global pattern of crypto-enabled financial crimes, including North Korea's $1.46 billion ByBit exchange hack and China's exposure of a $136 million digital currency laundering network. Authorities worldwide continue grappling with hybrid attacks that exploit traditional financial systems while utilizing cryptocurrency networks for fund diversion.
Brazilian law enforcement is currently tracing the stolen assets across blockchain networks and collaborating with international counterparts to freeze funds and identify the perpetrators behind this unprecedented financial cyberattack.
Related Tags
Brazil
cyberattack
cryptocurrency
banking
money laundering