- Hackers have stolen $140 million from Brazils central bank reserves by exploiting insider access to a financial software provider
- Around $30 million to $40 million has been laundered through Bitcoin, Ethereum, and USDT using Latin American OTC crypto networks
- Authorities have frozen nearly $50 million in assets and arrested the employee allegedly responsible for enabling the breach
A cyberattack has struck Brazils central banking system, with criminals stealing roughly $140 million by compromising a third-party software provider and laundering the funds through cryptocurrencies. The hackers gained access through insider credentials, quickly moving the stolen funds into coins like Bitcoin and USDT via regional over-the-counter exchanges. Federal police have since frozen over R$270 million ($50 million) and arrested a suspect linked to the scheme, but the very nature of the scheme has rung alarm bells in the nation.
Insider Breach Enables System Compromise
The breach occurred on June 30 when attackers infiltrated C&M Software, a firm that provides services to Brazils central bank. According to investigators, Jo�o Nazareno Roque, an employee at C&M, allegedly sold login credentials to the criminals for around R$15,000 ($2,760) and later offered remote access software for an additional fee. These tools allowed the hackers to transfer large sums from six institutional reserve accounts under the Central Banks oversight, and once inside, the attackers routed approximately $30 million to $40 million into cryptocurrencies using unregulated OTC desks in Latin America.
Federal police, working alongside prosecutors and blockchain experts, managed to freeze a portion of the stolen funds and limit further exposure. The Central Bank ordered an immediate shutdown of its interface with C&M Software, resuming operations after emergency security reviews. Roque, who reportedly switched phones regularly to avoid detection, is now in custody and facing federal charges.
Expect More, Insider Warns
There have been warnings over the ease with which hackers are gaining access to key operations within both digital and analogue banking institutions; FullyCrypto was warned by a crypto exchange employee in late May that poorly-paid foreign workers often look to supplement their income by selling information quietly to gangs for such uses. The insider warned us that such practices were common in the crypto space but were also a risk in the traditional banking environment, a claim which is borne out by this hack.
In the crypto space, some well-established firms like Coinbase have realised the risk of hiring individuals in poorer countries and are taking action by recruiting for roles in their native countries again, increasing the pay to ward off such temptations. However, while the potential of massive riches is there, this risk will always be apparent, which increases the importance of self-custody.
