- Hackers breached six reserve accounts via C&M Software, extracting about $140M on June 30, 2025.
- Over $30M was laundered into crypto using OTC brokers and PIX-linked platforms.
- An insider sold credentials for R$ 15K, enabling real-time control via Notion.
Hackers stole approximately $140 million (R$ 800 million) by breaching reserve accounts of six Brazilian financial institutions through infrastructure provided by C&M Software, a technology supplier connected to the country’s Central Bank. The breach took place on June 30, 2025.
At least $30–40 million of the stolen funds were converted into cryptocurrencies, including Bitcoin, Ethereum, and Tether. The conversion was carried out via Latin American over-the-counter (OTC) brokers and crypto exchanges. Investigators suspect laundering routes tied to Brazil’s PIX payment infrastructure.
Brazilian law enforcement confirmed that the breach stemmed from internal compromise. A C&M Software employee, identified as João Nazareno Roque, admitted selling his corporate credentials to one of the attackers for R$ 5,000. The initial contact occurred in March, when the suspect showed detailed knowledge of Roque’s job. Later, Roque received an additional R$ 10,000 to execute commands inside the system. Instructions were delivered via the Notion platform, and payments were made in physical currency through a courier.
C&M Software Resumes Operations as Crypto Asset Recovery Efforts Continue
The Central Bank reacted by ordering C&M Software to suspend access temporarily. By July 3, the company resumed limited operations under supervision. The impacted reserve accounts belong to institutions that used C&M Software to interface with the Central Bank’s systems. The Central Bank’s internal infrastructure was not directly compromised.
Related Europe’s Central Bank Just Flipped – XRP Holders MUST Pay Attention
Law enforcement continues to trace the stolen funds. Several exchanges have received alerts requesting the freezing of crypto assets tied to the case. Some addresses remain under review, and asset recovery is ongoing.
Despite the breach’s scale, international media coverage has remained limited. In Brazil, the incident has triggered broader discussions on fintech cybersecurity, third-party provider risks, and regulatory oversight. C&M Software confirmed its cooperation with police. The case remains under active investigation.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
