Hackers stole approximately $140 million (800 million reais) from Brazil's Central Bank infrastructure on June 30, 2025, exploiting compromised credentials from IT provider C&M Software. According to blockchain investigator ZachXBT and São Paulo police, attackers bribed C&M employee João Nazareno Roque with just $2,760 for system access, enabling unauthorized transfers from reserve accounts of six financial institutions between 4-7 AM local time.
The assailants laundered $30-40 million through Latin American over-the-counter desks and crypto exchanges, converting stolen funds primarily into Bitcoin (BTC), Ethereum (ETH), and Tether (USDT). ZachXBT aided authorities in freezing several crypto wallets, including one containing $49.8 million, while revealing this marks Brazil's largest digital heist to date.
C&M Software—which connects 23 smaller banks to Brazil's Pix instant payment system—was ordered disconnected from central banking infrastructure on July 2, causing temporary service disruptions. Police arrested Roque on July 3, who admitted receiving payments to create breach-enabling software. Despite robust sector cybersecurity investments, the breach exploited authentication vulnerabilities rather than technical flaws.