Brazil’s central bank service provider hacked, $140M stolen

[_act_]

You can read the quotes to understand the whole thing.

An hack occurred after an employee of C&M was said to allegedly sold his login credentials to a threat actor for roughly $2700. The C&M Software, the service provider that connects Brazil’s Central Bank to local banks and other financial institutions, was hacked on Wednesday, leading to 800 million Brazilian reais ($140 million), in stolen funds from six institutions connected to the central bank.

The recent ~$140M (R$ 800M) cyberattack on the Central Bank of Brazil services provider C&M Software is easily one of the most insane cases from this year.

Six financial institutions experienced unauthorized access to their reserve accounts on June 30, 2025.Attackers converted fiat to BTC / ETH / USDT via Latam OTCs / exchanges. By my estimate at least $30-40M was converted to crypto.

Brazilian law enforcement has since shared the threat actor paid an employee at C&M only $2.76K (R$ 15K) for his corporate login and password.

The money was stolen in fiat and converted into crypto coins. What is to be blamed? Fiat, crypto, the stupid and greedy employee or the Latam OTCs / exchanges?

Actually I do not know what to post about this but I just want people to know about the hack.

[Odohu]

An hack occurred after an employee of C&M was said to allegedly sold his login credentials to a threat actor for roughly $2700. The C&M Software, the service provider that connects Brazil’s Central Bank to local banks and other financial institutions, was hacked on Wednesday, leading to 800 million Brazilian reais ($140 million), in stolen funds from six institutions connected to the central bank.

This simply means the  employee who sold his login details will be held responsible for this because it was through him the hack was perpetrated. What is painful is that both the person who sold his login details and the person who bought it may not be the direct hacker but another person who bought it along the line, but in the eyes of the law, the primary suspect is the employee that sold his login details for $2,700.

The authorities will eventually blame cryptocurrency and not the entire fiat payment systems that go compromised.

[mikel_012]

I'm from Brazil.

They say half the amount was recovered automatically after the Central Bank detected the attack.

The employee was arrested and he was a Jr. Dev that received a salary of $600 USD.

Crazy!

[Rustam Meraj]

This large scale hack of Brazil Central Bank service provider is showing major weaknesses in financial systems. Main problem was greedy employee who allegedly sold their login details for $2700 showing serious failure in  company security and employee checks. While  Bitcoin were used to hide and move stolen money. They were not  cause of theft which started in traditional banking system. Latin American crypto exchanges involved also face questions about their security and identity checks as they allowed such large amount of stolen money to be converted. By the way this incident shows that to prevent future hacks there needs to be much stronger security everywhere from better employee training and strict access controls at companies like C&M Software to more thorough checks at crypto exchanges to stop criminals from using them.

[WillyAp]

I'm from Brazil.

They say half the amount was recovered automatically after the Central Bank detected the attack.

The employee was arrested and he was a Jr. Dev that received a salary of $600 USD.

Crazy!

Not so crazy, it is the consequence when you save on wages.
Another angle is when kids don't know that action holds consequences.

[Davidvictorson]

The exchange Has no rule to play here so they cannot be blamed.
The one to blame is the person who sold the login details. I also blame the bank. One person should not be in charge of the login details. In fact the process of gaining access needs to be so rigorous that it requires about two to three persons to grant approval before access is granted.
A big lesson for the Central Bank in Brazil as well as other Central banks.

[DanWalker]

The authorities will eventually blame cryptocurrency and not the entire fiat payment systems that go compromised.

Is this your thinking and assumption? Because as far as I know from official sources, the Brazilian police and the Central Bank have stressed that the attack originated from an internal vulnerability. They never mention or blame crypto like you are blaming them.

Don't always think bad of them, and think that we are the only good people.

Furthermore, Brazil is considered one of the crypto-friendly countries in Latin America, I don't think they will blame and condemn crypto even if they can't recover the stolen money.

[Die_empty]

The money was stolen in fiat and converted into crypto coins. What is to be blamed? Fiat, crypto, the stupid and greedy employee or the Latam OTCs / exchanges?

Actually I do not know what to post about this but I just want people to know about the hack.

The era where just one employee login could give access to a financial institution is over. Banks should be able to have several layers of security or protection that should shield them from hacks like this.  

Greedy people are everywhere and can do anything for money.  The employee of the bank should be magically evaluated to ascertain if he is mentally fit or suffering from any form of addiction.

Crypto is just a currency or asset, and it has nothing to do with these criminal activities. The funds could have been used to buy gold or even real estate.

[BIT-BENDER]

If such huge money is in that bank then how can they have such weak security measures in place incase of situation like this.
It's sad but always happening that security measures are only tighten after an attack or threat to an attack.

The investigation should start with the ex staff that sold their login details because it's obvious that there was a negative intension to do so. This whole story is absurd and unbelievable.

[Alphakilo]

The one at fault here is the employee who sold the password for $2700. But before blaming him, another thing to look out for in this situation is to investigate if the employee was forced to do so in order to set him up or if he did it willingly. If his action was deliberate, then he should be arrested and punished accordingly for betrayal.

The Brazilian Central Bank should go to the Central Banks of neighboring countries and ask how they can prevent a repeat of this. They should learn the strategies that have in place that can forestall this.

[criptoevangelista]

I'm from Brazil.

They say half the amount was recovered automatically after the Central Bank detected the attack.

The employee was arrested and he was a Jr. Dev that received a salary of $600 USD.

Crazy!

But how did a junior developer get full access to the system like that? It's really insane, they must not have any security filters at all lol... I can only imagine how flawed that must be. Now the government will probably just print more money to make up for it (lol), and life goes on. Hopefully, the loss won’t fall on us, the mere mortal taxpayers.

[TastyChillySauce00]

Brazilian law enforcement has since shared the threat actor paid an employee at C&M only $2.76K (R$ 15K) for his corporate login and password.

Wtf? is this even real?

What was this employee thinking honestly, if anybody is asking for corporate login/password in exchange for money, pretty obvious it's social engineering on progress but alas it's already happened.
Just like coinbase's data leak that's caused by their offshore customer service if i remember correctly, human is the most vulnerable for these hacking when the hacker can't penetrate the system.

[viljy]

This is not an amazing event at all. The problem of data leakage through employees is very common. An employee is always looking to steal from the workplace and sell. This is how databases are stolen, unauthorized access is obtained, and so on. The problem here has only one reason - managers are either incompetent or intentionally harming. Because it will not be difficult for the head to get the security service or the human resources department to work, if desired. Just like maintaining discipline among employees. By the way, such an attitude towards one's duties can be extended very far up the ladder of power, up to the heads of some states.

[Fortify]

You can read the quotes to understand the whole thing.

An hack occurred after an employee of C&M was said to allegedly sold his login credentials to a threat actor for roughly $2700. The C&M Software, the service provider that connects Brazil’s Central Bank to local banks and other financial institutions, was hacked on Wednesday, leading to 800 million Brazilian reais ($140 million), in stolen funds from six institutions connected to the central bank.

The recent ~$140M (R$ 800M) cyberattack on the Central Bank of Brazil services provider C&M Software is easily one of the most insane cases from this year.

Six financial institutions experienced unauthorized access to their reserve accounts on June 30, 2025.Attackers converted fiat to BTC / ETH / USDT via Latam OTCs / exchanges. By my estimate at least $30-40M was converted to crypto.

Brazilian law enforcement has since shared the threat actor paid an employee at C&M only $2.76K (R$ 15K) for his corporate login and password.

The money was stolen in fiat and converted into crypto coins. What is to be blamed? Fiat, crypto, the stupid and greedy employee or the Latam OTCs / exchanges?

Actually I do not know what to post about this but I just want people to know about the hack.

It's definitely an interesting case and that employee is clearly in deep trouble for a relatively small gain. When I see these sort of things I instantly assume that North Korea is involved, as they essentially do cyber crime at the state level and have whole teams dedicated towards extracting money like this. it requires very particular preparation and timing to pull off. I do wonder how their banking system is set up that allows such large sums to move around with apparently poor checks on a single login, but this user must presumably have had very senior access within the system.  It's a prime example of people being the weak link within security and the power of social engineering.

[Oluwa-btc]

The money was stolen in fiat and converted into crypto coins. What is to be blamed? Fiat, crypto, the stupid and greedy employee or the Latam OTCs / exchanges?

Actually I do not know what to post about this but I just want people to know about the hack.

This is a total shut down for Brazil financial institutions and the employee should be held responsible for this acts, wasn't he aware that droplets of water can actually soil the whole book completely and the fact that the money was converted to crypto from fist is a medium that the acts was suspicious and planned, of recent something of this happened in my country where an individual was caught in the ceiling of the  local bank trying to hack into the bank systems.

[m2017]

This is not an amazing event at all. The problem of data leakage through employees is very common. An employee is always looking to steal from the workplace and sell. This is how databases are stolen, unauthorized access is obtained, and so on. The problem here has only one reason - managers are either incompetent or intentionally harming. Because it will not be difficult for the head to get the security service or the human resources department to work, if desired. Just like maintaining discipline among employees. By the way, such an attitude towards one's duties can be extended very far up the ladder of power, up to the heads of some states.

And we, ordinary people, are forced to use the services of such banks, they require KYC and so on, while these same banks are not able to provide the necessary level of protection not only of the confidential information of users, but also of the money of these same users.

The one at fault here is the employee who sold the password for $2700. But before blaming him, another thing to look out for in this situation is to investigate if the employee was forced to do so in order to set him up or if he did it willingly. If his action was deliberate, then he should be arrested and punished accordingly for betrayal.

$2700 is the price of security of our money and private information. You should carefully consider the decision to keep your money in banks.

Whatever the pretext for the employee's step, he committed this act one way or another and he was perfectly aware of the results it could lead to. The bank's reputation, personal data and users' money were at risk.

[EarnOnVictor]

The money was stolen in fiat and converted into crypto coins. What is to be blamed? Fiat, crypto, the stupid and greedy employee or the Latam OTCs / exchanges?

All of the above have their share of blame in this, but the blame of most is pardonable, or could be termed unintentional, for they are not created for that purpose, even if others could still use them for evil.

First, the employee is a greedy b*st*rd, for such a chicken amount??? Such should be sentenced to 100 years in prison, it's just too annoying.

As for crypto, it is the easiest way for perpetrators these days, which is a fault, but crypto itself is not evil, it is those who use it for evil that should be mostly blamed.

Lastly, Latam OTCs/exchanges are businesses; they can't be crucified for doing their business. Still, they can do better in scrutinising big transactions like that.

[EluguHcman]

What is to be blamed? Fiat, crypto, the stupid and greedy employee or the Latam OTCs / exchanges?

For goodness sake the so called employee who sold his C&M Logs is a service provider which server is connected to numerous of financial institutes.
Is that not supposed to be an official position of him ought to be logical and strict with the Logs in any case with a very high degree to maintain Privacies to keep the sites secured with the fact that he has private access to those institutions regarded that his Logs service providers is linked and can be vulnerable to compromise the Securities and Privacies of those affirmative financial institutes?

I am being skeptic here, let me ask, did he sold his Logs documentary not to have access to the server anymore or a resignation in that the alleged hacker would replace his position as the service provider?
Well, there is no other source to hold on to if not the employee.

He should be hold responsible. He is either in alliance with the hacker to steal the funds or his stupid and and ignorantic insecurity act should judge him on the damage because he is the architect of the incident.

Actually I do not know what to post about this but I just want people to know about the hack.

You have done the needful by spreading a threatful occurred incident which should give a key warning about how a silly mistake can ruin an entire system and even as a slight security breach can be threatful.

It also draws an attention to be careful with employees and in several cases with the looses of funds attached to cryptocurrencies are sometimes linked with insiders such as the employees.

[criptoevangelista]

The money was stolen in fiat and converted into crypto coins. What is to be blamed? Fiat, crypto, the stupid and greedy employee or the Latam OTCs / exchanges?

Actually I do not know what to post about this but I just want people to know about the hack.

This is a total shut down for Brazil financial institutions and the employee should be held responsible for this acts, wasn't he aware that droplets of water can actually soil the whole book completely and the fact that the money was converted to crypto from fist is a medium that the acts was suspicious and planned, of recent something of this happened in my country where an individual was caught in the ceiling of the  local bank trying to hack into the bank systems.

Would it be possible for these coins to be marked and somehow end up in our hands at some point in life? Could that maybe be a reason for an ordinary person to have their life turned upside down or their bank accounts frozen just for having a coin that was used in money laundering? Is that actually possible, or is it just something I'm imagining?

[Ishicryptic]

Stories of hacks is on the increase nowadays, both in traditional banking systems and in cryptocurrency, it is almost like normal occurances to hear about hacks. I wonder how somebody will compromise their login details for financial reward, even if they were threatened, he could have somehow contacted the law enforcement authorities, it shows that he is a willing conspirator in the hack This is the more reason why governments and institutions needs to know the past record and integrity of who they entrust with sensitive information.