Hackers allegedly bribed a C&M employee to steal $140 million from six banks in one day

Source Cryptopolitan

In a bold cyber heist on June 30, an estimated $140 million (R$800 million) was stolen from six Brazilian financial institutions’ reserve accounts through a sophisticated cyberattack targeting C&M Software, a key service provider that connects banks to the Central Bank of Brazil and its PIX system. 

At least $30 to $40 million of the stolen funds have since been laundered into Bitcoin, Ethereum, and Tether’s USDT via Latin American over-the-counter (OTC) desks and exchanges, according to on‑chain investigator ZachXBT.

The Central Bank of Brazil heist started as an internal compromise

The hackers reportedly paid a C&M Software employee just R$15,000 (~$2,760) in exchange for corporate login credentials. Armed with those, they deployed social engineering techniques to access the central bank service infrastructure. This allowed them to siphon funds from the reserve accounts of six institutions, including Banco BMF and others, within the same day.

Upon discovery, the Central Bank of Brazil swiftly instructed C&M to sever its connections, effectively isolating the provider from banking systems. The breach led to the temporary suspension of PIX-related services while authorities and internal teams rallied to restore security and prevent wider contagion.

The hack closely follows the pattern of the recent attack on the crypto exchange Coinbase, where customer service agents took bribes to reveal customer information. This led to the breach of over 69,000 accounts, with Coinbase expected to reimburse as high as $400 million to customers.

On-chain sleuth follows the crypto laundering trail

ZachXBT, a leading figure in blockchain forensics, reported he has been actively collaborating with Brazilian law enforcement to track stolen funds and prevent further laundering on-chain.

Public statements from ZachXBT indicate he plans to release the addresses linked to the theft “when it’s okay to share them,” to aid authorities in freezing additional crypto assets.

Brazilian federal investigators have arrested at least one suspect: the C&M employee whose credentials were sold. Authorities have already frozen approximately R$270 million, approximately $55 million in compromised funds.

The Central Bank of Brazil also claims to have reinforced monitoring systems to better detect irregular PIX-related transactions.

Security analysts warn that the attention-grabbing $140 million figure distracts from the larger threat of social engineering. This tactic consistently tops the list of vulnerabilities in the financial sector. Despite technical firewalls and hardened systems, insiders with stolen credentials can render them moot.

The response has moved on to damage control and reputational repair

The attack mirrors recent trends in crypto crime and how proceeds from crimes that didn’t happen on-chain are also funneled into crypto.

In the first half of 2025 alone, industry watchdog CertiK estimated losses from hacks and scams at a staggering $2.5 billion, with most of the incidents happening on the Ethereum network, followed by Bitcoin. The report also showed that wallet compromise and phishing are the leading tools hackers employ for their heists.

Although they have both shared press releases acknowledging the hack and pointing out that investigations are ongoing, neither C&M nor the Central Bank of Brazil has released a detailed public breakdown of the damage. The Central Bank of Brazil has not revealed the details of the financial institutions affected by the hack.

However, insiders reveal ongoing operations to mitigate reputational and customer impact, primarily through customer account security assurances and increased transaction verifications.

The immediate focus for authorities lies in recovering laundered assets and preventing further crypto conversions.

On-chain analysts like ZachXBT now occupy a strategic role in global cyber defense, providing a powerful investigative path into crypto laundering networks.

Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
Gold Price Forecast: XAU/USD gains momentum to near $3,650, eyes on US CPI releaseThe Gold price (XAU/USD) gains momentum to near $3,645 during the early Asian session on Thursday.
Author  FXStreet
Sep 11, Thu
The Gold price (XAU/USD) gains momentum to near $3,645 during the early Asian session on Thursday.
placeholder
What to expect from Ethereum in October 2025With broader sentiment worsening, user demand falling across the Ethereum network, and institutional investors pulling back, the coin faces mounting headwinds in October.
Author  Beincrypto
Sep 30, Tue
With broader sentiment worsening, user demand falling across the Ethereum network, and institutional investors pulling back, the coin faces mounting headwinds in October.
placeholder
Gold retreats from all-time peak as Israel-Hamas peace deal tempers safe-haven demandGold (XAU/USD) drifts lower during the Asian session on Thursday and now seems to have snapped a four-day winning streak to a fresh all-time peak, around the $4,059-4,060 area touched the previous day.
Author  FXStreet
Yesterday 06: 19
Gold (XAU/USD) drifts lower during the Asian session on Thursday and now seems to have snapped a four-day winning streak to a fresh all-time peak, around the $4,059-4,060 area touched the previous day.
placeholder
Bitcoin Slides From $126,000 Peak as Market Eyes Whether Uptober Rally Can LastAfter reaching a new all-time high of over $126,000 earlier this week, Bitcoin’s (BTC) price has slipped slightly, raising questions about the sustainability of its recent rally.
Author  Beincrypto
Yesterday 09: 13
After reaching a new all-time high of over $126,000 earlier this week, Bitcoin’s (BTC) price has slipped slightly, raising questions about the sustainability of its recent rally.
placeholder
Bitcoin and Ether face volatility as $5.3B options expireBTC, ETH options for a total of $5.3B are expiring on Friday, bringing another period of potential price volatility.
Author  FXStreet
Yesterday 10: 02
BTC, ETH options for a total of $5.3B are expiring on Friday, bringing another period of potential price volatility.
goTop
quote