Hackers stole $140M from Brazil’s central bank service provider

Hackers have stolen 800 million Brazilian reais (approx. $140 million) from six financial institutions connected to Brazil’s Central Bank.

The breach occurred through C&M Software, a third-party service provider responsible for linking the central bank to domestic banks.

According to Brazilian media outlet São Paulo, the attackers gained access by purchasing an employee’s login credentials for roughly $2,700.

This access enabled the hackers to infiltrate the system and transfer funds from reserve accounts.

Blockchain investigator ZachXBT reported that $30–40 million of the stolen funds were converted into Bitcoin, Ether, and Tether.

The laundered assets were routed through Latin American crypto exchanges and over-the-counter (OTC) trading desks.

The incident underscores the systemic risk posed by centralised infrastructure, especially when a single compromised user can lead to massive financial losses.

C&M Software’s compromise demonstrates how insider threats can bypass even enterprise-level security if access controls are insufficient.

Cybersecurity experts warn that centralised systems are increasingly attractive to hackers using artificial intelligence to probe for vulnerabilities.

Chainalysis has reported a surge in attacks on centralised crypto platforms in the second half of 2024.

Eran Barak, CEO of Shielded Technologies, warned that AI-enhanced cybercriminals are now exploiting single points of failure with greater speed and sophistication.

He stated that centralised systems holding troves of sensitive data or capital make for high-ROI targets.

Barak argued that decentralised technologies—particularly those using zero-knowledge proofs (ZKPs)—significantly reduce the incentive for hackers.

With ZKPs, malicious actors must compromise individual wallets instead of accessing a central repository containing millions of records.

This fragmentation drastically lowers the ROI for hackers, thereby diminishing the appeal of attacks on decentralised platforms.

The Brazilian incident is one of the largest cyber-heists linked to a central bank service provider to date.

It raises urgent questions about vendor security, regulatory oversight, and the role of decentralised technology in future-proofing financial infrastructure.

Authorities in Brazil are reportedly investigating the attack and reviewing the central bank’s reliance on external vendors.

Meanwhile, the crypto industry is using the breach as a case study in advocating for decentralised finance (DeFi) and next-generation privacy technologies.

At the time of reporting, Bitcoin price was $108,732.00.