A hacker attack on C&M Software led to the theft of USD 140 million from reserve accounts linked to the Central Bank of Brazil.
Hackers stole some 800 million Brazilian reals ($140 million) from six reserve accounts linked to Brazil's Central Bank, in one of the largest computer thefts in the country's history.
After gaining access to C&M Software, a São Paulo-based software provider, the breach occurred on 30 June.
The authorities suspect that an inside accomplice made the attack possible. According to reports, a C&M employee, João Nazareno Roque, allegedly sold the company's login credentials for 15,000 Brazilian reals (USD 2,770). He would later also create and sell a backdoor access tool for an additional 10,000 reals ($1,850).
Through this access, the hackers gained full control of C&M's infrastructure. They then sent unauthorised instructions to transfer funds, moving money from the Central Bank's interbank reserve accounts to accounts linked to regional exchanges and over-the-counter (OTC) desks.
According to blockchain investigator ZachXBT, between $30 million and $40 million of the stolen money has already been converted into digital assets such as Bitcoin, Ethereum and USDT. Analysts and on-chain investigators are now collaborating to trace the remaining funds and freeze suspicious wallets.
In response to the breach, the Central Bank of Brazil ordered all institutions using C&M to immediately log off the platform. As no critical systems were compromised, the company was given the green light to resume operations two days later.
Kamal Zogheib, C&M's commercial director, emphasised that the attack involved fake customer credentials and not a technical vulnerability. The company is cooperating with São Paulo law enforcement agencies and the Federal Police.
The banking platform BMP, one of the affected vendors, said that customer deposits were not affected, but only its own reserve account was affected.
Currently, Brazilian authorities are searching for at least four other suspects and have frozen about 270 million reais ($49.8 million). Roque is still detained in São Paulo. According to investigators, he regularly changed phones to evade tracking.
Further investigations revealed that the stolen money was quickly transferred through exchanges in Brazil, Argentina and Paraguay. Large sums were laundered into cryptocurrency through OTC brokers within three hours. Some OTC desks reportedly flagged the suspicious activity, thus preventing the attackers from converting the stolen money within Brazil.
The Central Bank has hinted that stricter security controls may soon be introduced for platforms connected to reserve accounts and the PIX payments system, although no new rules have yet been announced.
The investigation is still ongoing under federal supervision, with the priority being to recover the funds and identify others responsible for the breach.
Eleven Drainer, a new phishing-as-a-service, is expanding its business. Despite the sophistication of the attacks, human error remains the main weakness. The defence lies in user discipline.
Hackers stole some 800 million Brazilian reals ($140 million) from six reserve accounts linked to Brazil's Central Bank, in one of the largest computer thefts in the country's history.
After gaining access to C&M Software, a São Paulo-based software provider, the breach occurred on 30 June.
The authorities suspect that an inside accomplice made the attack possible. According to reports, a C&M employee, João Nazareno Roque, allegedly sold the company's login credentials for 15,000 Brazilian reals (USD 2,770). He would later also create and sell a backdoor access tool for an additional 10,000 reals ($1,850).
Through this access, the hackers gained full control of C&M's infrastructure. They then sent unauthorised instructions to transfer funds, moving money from the Central Bank's interbank reserve accounts to accounts linked to regional exchanges and over-the-counter (OTC) desks.
According to blockchain investigator ZachXBT, between $30 million and $40 million of the stolen money has already been converted into digital assets such as Bitcoin, Ethereum and USDT. Analysts and on-chain investigators are now collaborating to trace the remaining funds and freeze suspicious wallets.
In response to the breach, the Central Bank of Brazil ordered all institutions using C&M to immediately log off the platform. As no critical systems were compromised, the company was given the green light to resume operations two days later.
Kamal Zogheib, C&M's commercial director, emphasised that the attack involved fake customer credentials and not a technical vulnerability. The company is cooperating with São Paulo law enforcement agencies and the Federal Police.
The banking platform BMP, one of the affected vendors, said that customer deposits were not affected, but only its own reserve account was affected.
Currently, Brazilian authorities are searching for at least four other suspects and have frozen about 270 million reais ($49.8 million). Roque is still detained in São Paulo. According to investigators, he regularly changed phones to evade tracking.
Further investigations revealed that the stolen money was quickly transferred through exchanges in Brazil, Argentina and Paraguay. Large sums were laundered into cryptocurrency through OTC brokers within three hours. Some OTC desks reportedly flagged the suspicious activity, thus preventing the attackers from converting the stolen money within Brazil.
The Central Bank has hinted that stricter security controls may soon be introduced for platforms connected to reserve accounts and the PIX payments system, although no new rules have yet been announced.
The investigation is still ongoing under federal supervision, with the priority being to recover the funds and identify others responsible for the breach.
Read Next
32 Million Upbit Hack: Token Solana to Stars on the Korean Market!
Upbit suspends deposits and withdrawals after a hacker attack that embezzled 32 million in Solana tokens, causing heavy premiums in the Korean market.
UK crypto heist: convictions and self-custody risk
A heist of more than 4.3 million in cryptocurrencies in the UK calls into question the security of self-custody and the risks of the human factor.
Crypto Clash: Beijing Blames US for LuBian's 127,000 BTC Bitcoin Exploit
China accuses Washington of 'draining' 127,000 BTC from LuBian in 2020. Researchers link the exploit to a flaw in key generation.
New Eleven Drainer attack: threat to crypto wallets
Eleven Drainer, a new phishing-as-a-service, is expanding its business. Despite the sophistication of the attacks, human error remains the main weakness. The defence lies in user discipline.