Hackers siphoned about R$800 million ($140 million) from six reserve accounts linked to Brazil’s central bank after breaching São Paulo-based software vendor C&M Software on June 30, according to blockchain investigator ZachXBT and reports from local news outlets.
Police said C&M employee João Nazareno Roque sold his corporate login for R$15,000 ($2,770) and later developed a secondary access tool for an additional R$10,000 ($1,850), giving attackers direct access to the vendor’s infrastructure.
Investigators traced unauthorized instructions that moved funds from the reserve accounts held at the Central Bank of Brazil for interbank settlement into commercial bank accounts tied to over-the-counter (OTC) desks and regional exchanges.
ZachXBT estimated that between $30 million and $40 million of the stolen funds had already been swapped for major digital assets, including Bitcoin, Ethereum, and USDT.
On-chain analysis teams and Brazilian prosecutors are coordinating wallet freezes while attribution work continues.
Central bank and vendor response
The central bank ordered all institutions that routed through C&M to disconnect immediately after the breach and cleared the firm to restore service two days later, stating that critical systems remained intact.
C&M commercial director Kamal Zogheib told Reuters that the attack relied on fraudulent client credentials rather than a code flaw and confirmed cooperation with the Federal Police and São Paulo investigators.
BMP, a banking platform provider hit in the raid, told local media that only its reserve balance was affected and that customer deposits remained untouched.
Law enforcement officials have frozen R$270 million ($49.8 million) while tracking additional flows and searching for at least four accomplices cited in preliminary warrants.
Roque remained in custody in São Paulo as of July 3. Police allege that he rotated his cell phones every two weeks to avoid being monitored.
Laundering route through Latin America
Transaction data reviewed by ZachXBT and independent researchers indicate that the attackers structured transfers across multiple exchanges in Brazil, Argentina, and Paraguay, then used OTC brokers to settle into crypto within three hours of the initial breach.
Sources who preferred to remain anonymous told CryptoSlate that the attackers found it difficult to buy crypto with the stolen money at Brazilian OTC desks, as many of the largest ones raised red flags because of the large amounts.
Brazil’s Federal Police declined to specify which platforms processed the swaps but said exchange operators have begun freezing balances tied to flagged addresses.
The central bank has not disclosed whether additional vendors will face new connection requirements but signaled that the instant payment rail PIX and reserve account interfaces may receive additional controls.
The probe continues under federal supervision, with investigators prioritizing the recovery of funds and identifying the remaining organizers.