Hackers Steal $140M from Brazilian Central Bank Reserve Accounts via Partner Breach
Hackers siphoned approximately R$800 million ($140 million) from six reserve accounts linked to Brazil’s central bank after breaching São Paulo-based software supplier C&M Software on June 30. According to blockchain private investigator ZachXBT and local news reports, the breach occurred when C&M employee João Nazareno Roque sold his business login credentials for R$15,000 ($2,770) and facilitated unauthorized access to the vendor’s systems. This breach led to the movement of funds from the central bank’s reserve accounts to commercial bank accounts connected to over-the-counter (OTC) desks and local exchanges.
ZachXBT estimated that a significant portion of the stolen funds, between $30 million and $40 million, had already been converted into major digital assets like Bitcoin, Ethereum, and USDT. On-chain analysis teams and Brazilian prosecutors are working to freeze the wallets involved, and the investigation continues in order to identify other perpetrators and recover the stolen funds.
Response from the Central Bank and Vendor
Following the breach, the central bank instructed all institutions using C&M’s services to disconnect immediately. Despite the attack, the bank confirmed that critical systems remained intact and allowed C&M to resume operations after two days. C&M’s director, Kamal Zogheib, said that the breach exploited fraudulent user credentials rather than a system flaw and gave assurances of collaboration with law enforcement authorities.
Additionally, BMP, a banking platform provider affected by the breach, clarified that only its reserve balance was impacted, with customer deposits remaining secure. Law enforcement authorities have frozen R$270 million ($49.8 million) and are pursuing leads to apprehend at least four accomplices involved in the cyber theft. João Nazareno Roque, the implicated C&M employee, is currently in custody in São Paulo.
Laundering Path and Investigation Update
Investigations by ZachXBT revealed that the hackers meticulously structured fund transfers across various exchanges in Brazil, Argentina, and Paraguay before converting the funds into cryptocurrencies through OTC brokers within hours of the initial breach. However, sources reported that the perpetrators faced challenges in using the stolen funds to purchase crypto in Brazilian OTC markets due to heightened scrutiny.
While the central bank has not disclosed additional vendor requirements, it hinted at potential enhancements to controls for systems like the PIX instant payment rail and reserve account interfaces. The ongoing inquiry, led by federal authorities, aims to recover the stolen funds and apprehend all individuals involved in orchestrating the cyber heist.
Expert Commentary from Sam Boolman, ChainIntel’s Lead Analyst
According to Sam Boolman, the recent cyber attack on Brazil’s central bank highlights the persistent vulnerabilities in the financial sector, particularly the risks associated with third-party vendors. Institutions must prioritize robust cybersecurity measures and conduct thorough due diligence on their partners to mitigate such threats. The swift response from the central bank and law enforcement authorities underscores the importance of coordinated efforts to combat cybercrime in the digital age.