Hackers steal $140M from Brazilian central financial institution reserve accounts through accomplice breach
Hackers siphoned about R$800 million ($140 million) from six reserve accounts related to Brazil’s central financial institution after breaching São Paulo-based software program vendor C&M Software program on June 30, based on blockchain investigator ZachXBT and stories from native information retailers.
Police mentioned C&M worker João Nazareno Roque bought his company login for R$15,000 ($2,770) and later developed a secondary entry device for an extra R$10,000 ($1,850), giving attackers direct entry to the seller’s infrastructure.
Investigators traced unauthorized directions that moved funds from the reserve accounts held on the Central Financial institution of Brazil for interbank settlement into business financial institution accounts tied to over-the-counter (OTC) desks and regional exchanges.
ZachXBT estimated that between $30 million and $40 million of the stolen funds had already been swapped for main digital belongings, together with Bitcoin, Ethereum, and USDT.
On-chain evaluation groups and Brazilian prosecutors are coordinating pockets freezes whereas attribution work continues.
Central financial institution and vendor response
The central financial institution ordered all establishments that routed by means of C&M to disconnect instantly after the breach and cleared the agency to revive service two days later, stating that important techniques remained intact.
C&M business director Kamal Zogheib instructed Reuters that the assault relied on fraudulent consumer credentials slightly than a code flaw and confirmed cooperation with the Federal Police and São Paulo investigators.
BMP, a banking platform supplier hit within the raid, instructed native media that solely its reserve stability was affected, and buyer deposits remained untouched.
Regulation enforcement officers have frozen R$270 million ($49.8 million) whereas monitoring further flows and trying to find at the least 4 accomplices cited in preliminary warrants.
Roque remained in custody in São Paulo as of July 3. Police allege that he rotated his cell phones each two weeks to keep away from being monitored.
Laundering route by means of Latin America
Transaction data reviewed by ZachXBT and impartial researchers point out that the attackers structured transfers throughout a number of exchanges in Brazil, Argentina, and Paraguay, then utilized OTC brokers to settle into crypto inside three hours of the preliminary breach.
Sources preferring to stay nameless instructed CryptoSlate that the attackers discovered it difficult to purchase crypto with the stolen cash in Brazilian OTC desks, as a lot of the largest ones raised crimson flags as a result of giant quantities.
Brazil’s Federal Police declined to specify which platforms processed the swaps however mentioned trade operators have begun freezing balances tied to flagged addresses.
The central financial institution has not disclosed whether or not further distributors will face new connection necessities however signaled that the moment cost rail PIX and reserve account interfaces could obtain additional controls.
The probe continues beneath federal supervision, with investigators prioritizing the restoration of funds and figuring out the remaining organizers.
