Hackers siphoned about R$800 million ($140 million) from six reserve accounts linked to Brazil’s central bank after breaching São Paulo-based software vendor C&M Software on June 30, according to blockchain investigator ZachXBT and reports from local news outlets.
Police said C&M employee João Nazareno Roque sold his corporate login for R$15,000 ($2,770) and later developed a secondary access tool for an additional R$10,000 ($1,850), giving attackers direct access to the vendor’s infrastructure.
Investigators traced unauthorized instructions that moved funds from the reserve accounts held at the Central Bank of Brazil for interbank settlement into commercial bank accounts tied to over-the-counter (OTC) desks and regional exchanges.
ZachXBT estimated that between $30 million and $40 million of the stolen funds had already been swapped for major digital assets, including Bitcoin, Ethereum, and USDT.
On-chain analysis teams and Brazilian prosecutors are coordinating wallet freezes while attribution work continues.
Central bank and vendor response
The central bank ordered all institutions that routed through C&M to disconnect immediately after the breach and cleared the firm to restore service two days later, stating that critical systems remained intact.
C&M commercial director Kamal Zogheib told Reuters that the attack relied on fraudulent client credentials rather than a code flaw and confirmed cooperation with the Federal Police and São Paulo investigators.
BMP, a banking platform provider hit in the raid, told local media that only its reserve balance was affected, and customer deposits remained untouched.
Law enforcement officers have frozen R$270 million ($49.8 million) while tracking additional flows and seeking at least four accomplices cited in preliminary warrants.
Roque remained in custody in São Paulo as of July 3. Police allege that he rotated his cell phones every two weeks to avoid being monitored.
Laundering route through Latin America
Transaction data reviewed by ZachXBT and independent researchers indicate that the attackers structured transfers across multiple exchanges in Brazil, Argentina, and Paraguay, then used OTC brokers to settle into crypto within three hours of the initial breach.
Sources who preferred to remain anonymous told CryptoSlate that the attackers found it difficult to buy crypto with the stolen money at Brazilian OTC desks, as many of the largest ones raised red flags because of the large amounts.
Brazil’s Federal Police declined to specify which platforms processed the swaps but said exchange operators have begun freezing balances tied to flagged addresses.
The central bank has not disclosed whether additional vendors will face new connection requirements but signaled that the instant payment rail PIX and reserve account interfaces could receive further controls.
The probe continues under federal supervision, with investigators prioritizing the recovery of funds and identifying the remaining organizers.