A large-scale cybercrime caused losses of $140 million in reserve funds related to Brazil’s Central Bank. The attack occurred due to the compromise of an employee at C&M Software, which provides technical communication between the regulator and the country’s financial institutions.
This is reported by Business • Media
Mechanism of the Breach and Subsequent Money Laundering
Investigators found that one of the employees at C&M Software sold their login and password to hackers for $2,700. Gaining access to internal systems, the perpetrators were able to withdraw money from the reserve accounts of six banks that interact with the central bank. Part of the stolen funds was quickly converted into Bitcoin, Ethereum, and USDT stablecoins, after which they were laundered through over-the-counter exchanges and platforms in Latin America.
“Part of the stolen funds was converted into Bitcoin, Ethereum, and USDT stablecoins. The money was laundered through over-the-counter platforms and exchanges in Latin America. This was reported by crypto detective ZachXBT.”
Consequences and Expert Reactions
Experts consider this incident a clear illustration of the vulnerabilities of centralized software solutions in the financial sector. Analysts emphasize that systems with a single point of failure easily become targets for hackers, especially given the increasing role of artificial intelligence tools that simplify the execution of attacks.
The CEO of Shielded Technologies, Eran Barak, previously pointed out that cybercrime is particularly profitable for attacks on centralized databases. In his opinion, such systems are more attractive to criminals than decentralized platforms, where the success of a single attack does not lead to widespread consequences. Barak stressed that implementing secure blockchain solutions and privacy technologies can significantly reduce hackers’ motivation by decreasing the expected profit.
At the time of preparing this material, there were no official comments regarding the scale of the stolen funds from either the Central Bank of Brazil or C&M Software. The investigation is ongoing, and authorities are checking for possible internal involvement and adherence to cybersecurity by the contractor.
Previously in Brazil, three organizers of a large-scale cryptocurrency pyramid scheme were sentenced to 171 years in prison.