Brazil’s Central Bank Service Provider Hacked: $140 Million Stolen in Major Breach

Brazil’s financial sector suffered a massive blow this week after a cyberattack on C&M Software, the company that connects Brazil’s Central Bank to local banks and institutions, led to the theft of over 800 million reais ($140 million).

The attack, which occurred on Wednesday, has exposed serious vulnerabilities in centralized financial systems and sparked renewed debate over cybersecurity in the age of AI.

How the hack unfolded

According to Brazilian news outlet São Paulo, the breach stemmed from an insider threat: a C&M Software employee allegedly sold his login credentials to hackers for around $2,700. Using these credentials, the attackers infiltrated C&M’s systems, gaining unauthorized access to reserve accounts and siphoning funds from six financial institutions tied to Brazil’s central bank.

Blockchain investigator ZachXBT reported that approximately $30–40 million of the stolen funds were quickly converted into Bitcoin (BTC), Ether (ETH), and USD Tether (USDT) before being laundered through Latin American crypto exchanges and over-the-counter (OTC) platforms.

Brazilian authorities have already arrested the C&M employee suspected of facilitating the hack.

Why centralized systems are at risk

This incident is yet another reminder of the dangers of centralized digital systems. C&M Software’s platform acts as a single point of failure — meaning that once breached, hackers could access a trove of sensitive financial data and assets.

According to Chainalysis, attacks on centralized services surged through 2024, as hackers increasingly target platforms where a single vulnerability can yield massive rewards. The advent of AI tools has only made these attacks more sophisticated, enabling criminals to discover and exploit weaknesses faster than ever before.

Eran Barak, CEO of Shielded Technologies, told Cointelegraph that centralized databases holding millions of credentials or billions in capital are irresistible targets for attackers. In contrast, decentralized blockchain technologies — such as those utilizing zero-knowledge proofs (ZKPs) — distribute data and reduce the ROI for attackers.

“In a decentralized system, the reward for hacking is just one record instead of millions — making it not worth the effort,” Barak said.

The bigger picture

The Brazilian breach underscores a global challenge: the need for stronger security practices, particularly around employee access and insider threats. While decentralized solutions are gaining traction, the majority of critical financial infrastructure worldwide remains centralized, leaving it exposed to such attacks.

For now, Brazil’s central bank has reassured the public that customer deposits remain safe and that operations are continuing. However, experts argue that this hack should serve as a wake-up call for the industry to prioritize security innovations and reduce reliance on single points of failure.