The bold cyber robbery on June 30 stolen an estimated $140 million ($800 million) from spare accounts from six Brazilian financial institutions through a sophisticated cyber attack targeting C&M Software, the leading service provider connecting Brazilian central banks and its PIX systems.
At least $300-40 million of stolen funds have since been washed into Bitcoin, Ethereum and Tether USDT, according to on-chain investigator ZACHXBT.
Brazil’s central bank began as an internal compromise
The hacker reportedly paid C&M Software employees just $15,000 (~$2,760) in exchange for their company’s login credentials. Armed with them, they deployed social engineering technology to access central bank services infrastructure. This allowed them to suck up funds from spare accounts of six institutions, including Banco BMF and others, within the same day.
Once discovered, the Brazilian Central Bank promptly instructed C&M to disconnect, effectively separating the provider from the banking system. The violation caused a temporary suspension of PIX-related services, and authorities and internal teams gathered to restore security and prevent wider transmission.
This hack closely follows the recent pattern of attacks against crypto exchange Coinbase. The customer service agent took the funds to reveal customer information. This had violated more than 69,000 accounts and Coinbase was expected to receive a refund of up to $400 million to its customers.
On-Chain Thruce Follows Crypto Laundering Trail
Zachxbt, a leading figure in blockchain forensics, reported that he is actively working with Brazilian law enforcement to track stolen funds and prevent chain washing.
Zachxbt’s official statement will release addresses linked to theft “when it’s OK to share,” indicating it will assist authorities in freezing additional crypto assets.
Brazilian federal investigators have arrested at least one suspect. I am a C&M employee whose qualifications have been sold. Authorities have already frozen around $270 million, with the compromised funds being around $55 million.
The Central Bank of Brazil also claims it has strengthened its surveillance system to better detect irregular PIX-related transactions.
Security analysts warn that the $140 million figure that draws attention is a distraction from the bigger threats of social engineering. This tactic is consistent with the list of vulnerabilities in the financial sector. Despite the technical firewall and hardening system, insiders with stolen credentials can mute them.
Response has moved to damage control and reputation repair
The attack reflects the recent trends in crypto crime and the attention to cryptocurrency for progression from crimes that have not occurred on-chain.
In the first half of 2025 alone, industry watchdog Certik estimated $2.5 billion in hacking and fraud losses. The report also showed that wallet compromise and phishing are the main tools hackers employ in robbery.
They both acknowledge the hack and share a press release pointing out that an investigation is ongoing, but neither C&M nor the Brazilian Central Bank has announced detailed public breakdowns of damages. The Brazilian Central Bank has not disclosed details of the financial institutions affected by the hack.
However, insiders reveal ongoing operations to mitigate reputation and customer impact, primarily through increased customer account security assurance and transaction validation.
The agency’s immediate focus is on retrieving the washed assets and preventing further cryptographic conversions.
On-chain analysts like ZachxBT have a strategic role in global cyber defense, offering a strong research path to crypto-laundry networks.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
