A major breach of C&M Software, a service provider linked to Brazil’s central bank, led to the theft of 800 million Brazilian reais (about $140 million) on July 3, 2025. The hackers gained access to the system after buying an employee’s login credentials for around 15,000 reais (about $2,700), according to São Paulo Globo.
C&M Software connects Brazil’s central bank to commercial banks and financial institutions. The attackers used the credentials to access reserve accounts and move funds across six institutions. Law enforcement arrested the employee accused of selling the access. His role was confirmed in a police statement shared by local media.
The stolen $140 million was held in reserve accounts linked to the central bank. Authorities confirmed that the C&M Software hack targeted these accounts using direct access from internal systems.
Crypto Laundering Route Used to Move Stolen Funds

Hackers layered the stolen money across multiple wallets to avoid detection. Authorities confirmed that the funds moved through platforms connected to Brazil’s PIX system. The PIX network processes instant payments across the country.
Officials did not name specific platforms. They confirmed that the laundering process used both local and international channels. Investigators launched cross-border probes into crypto laundering networks tied to the case.
Centralized System Breach Highlights Insider Risks
The C&M Software hack exposed weaknesses in centralized systems. A single employee login allowed access to critical financial infrastructure. The Brazil central bank’s network relies on external software providers like C&M to manage financial flows between institutions.
Security gaps in these centralized platforms have made them frequent targets. Investigators said that login credentials were not protected by additional authentication steps. The lack of these measures allowed the theft from the reserve accounts to proceed without early detection.
Brazil’s cybersecurity units are reviewing access control methods and employee monitoring practices at C&M Software. The case adds pressure on fintech platforms to audit insider access to prevent future breaches.
Surge in Hacks Linked to Centralized Platforms in 2024–2025
Chainalysis reported a rise in attacks on centralized platforms in Q3 and Q4 2024. Many of these involved crypto exchanges, banking tools, and service providers handling large transaction volumes. The report said attackers focused on systems with a single access point, allowing large-scale exploitation.

The C&M Software hack followed that pattern. Hackers used one employee’s credentials to access six institutions through the same infrastructure. Once inside, they transferred millions before triggering any alert.
Fintech crime cases like this one in Brazil are under increased scrutiny. The PIX platform has been used in other laundering attempts, linking centralized finance systems to unregulated crypto flows.
Reserve Accounts Theft Triggers Official Investigations
The Brazil central bank confirmed that the theft affected reserve accounts. It withheld the names of the six institutions involved. Investigators launched internal reviews. Authorities instructed all institutions using C&M Software to report suspicious activity.
Authorities are working to trace the stolen $140 million. Part of the crypto laundering trail has already been identified. Some funds moved to exchanges that operate without full know-your-customer (KYC) checks.
Data protection rules in Brazil require service providers to report breaches. The case has now been classified as a federal cybercrime investigation. Agencies are working with crypto analysis tools to follow the blockchain transactions initiated after the C&M Software hack.