Hackers siphoned about R$800 million ($140 million) from six reserve accounts linked to Brazil’s central financial institution after breaching São Paulo-based software program vendor C&M Software program on June 30, in accordance to blockchain investigator ZachXBT and studies from native information shops.
Police mentioned C&M worker João Nazareno Roque bought his company login for R$15,000 ($2,770) and later developed a secondary entry instrument for an extra R$10,000 ($1,850), giving attackers direct entry to the seller’s infrastructure.
Investigators traced unauthorized directions that moved funds from the reserve accounts held on the Central Financial institution of Brazil for interbank settlement into business financial institution accounts tied to over-the-counter (OTC) desks and regional exchanges.
ZachXBT estimated that between $30 million and $40 million of the stolen funds had already been swapped for main digital belongings, together with Bitcoin, Ethereum, and USDT.
On-chain evaluation groups and Brazilian prosecutors are coordinating pockets freezes whereas attribution work continues.
Central financial institution and vendor response
The central financial institution ordered all establishments that routed by means of C&M to disconnect instantly after the breach and cleared the agency to revive service two days later, stating that vital programs remained intact.
C&M business director Kamal Zogheib advised Reuters that the assault relied on fraudulent consumer credentials fairly than a code flaw and confirmed cooperation with the Federal Police and São Paulo investigators.
BMP, a banking platform supplier hit within the raid, advised native media that solely its reserve stability was affected, and buyer deposits remained untouched.
Legislation enforcement officers have frozen R$270 million ($49.8 million) whereas monitoring extra flows and looking for a minimum of 4 accomplices cited in preliminary warrants.
Roque remained in custody in São Paulo as of July 3. Police allege that he rotated his cell phones each two weeks to keep away from being monitored.
Laundering route by means of Latin America
Transaction data reviewed by ZachXBT and impartial researchers point out that the attackers structured transfers throughout a number of exchanges in Brazil, Argentina, and Paraguay, then utilized OTC brokers to settle into crypto inside three hours of the preliminary breach.
Sources preferring to stay nameless advised CryptoSlate that the attackers discovered it difficult to purchase crypto with the stolen cash in Brazilian OTC desks, as a lot of the largest ones raised purple flags because of the giant quantities.
Brazil’s Federal Police declined to specify which platforms processed the swaps however mentioned alternate operators have begun freezing balances tied to flagged addresses.
The central financial institution has not disclosed whether or not extra distributors will face new connection necessities however signaled that the moment fee rail PIX and reserve account interfaces might obtain additional controls.
The probe continues beneath federal supervision, with investigators prioritizing the restoration of funds and figuring out the remaining organizers.
