Brazil just faced one of the largest cyberattacks in its financial history, with hackers exploiting a third-party provider to siphon off nearly R$1 billion (approx. $180 million). A portion of the stolen funds was rapidly converted into Bitcoin and USDT, sparking urgent regulatory and security responses.
How the breach unfolded
On July 1st, 2025, cybercriminals gained unauthorized access to C&M Software, a regulated operator that handles integrations for Brazil’s instant payment systems like Pix, TED and direct clearing. By compromising credentials, the attackers were able to move funds from reserve accounts tied to six major financial institutions.
Critically, this wasn’t a direct hack into Brazil’s Central Bank systems. Instead, it was an infiltration of a trusted gateway that serves as an intermediary for core banking operations.
Bitcoin and USDT used for quick laundering
According to multiple reports, part of the embezzled money was funneled into Bitcoin (BTC) and Tether (USDT) using OTC desks and Pix-enabled crypto platforms. Some local providers detected unusually large transactions on June 30th and swiftly froze suspicious flows, preventing an even greater disaster.
Rocelo Lopes, CEO of SmartPay, confirmed that significant volumes were flagged and reverted, showcasing the increasing role of blockchain monitoring and real-time compliance tools.
Authorities and instant responses
The Central Bank of Brazil immediately suspended C&M Software’s integration access to stop further breaches. Both the Federal Police and specialized cybercrime units are investigating what is already being called the largest hacker attack on Brazil’s financial infrastructure to date.
International agencies have also been alerted, as similar attack patterns have been linked to state-sponsored groups in past incidents across Asia and Europe.
A wake-up call for global banking security
This breach rivals the infamous 2016 Bangladesh Bank heist, where hackers stole $101 million via SWIFT. However, Brazil’s situation stands out because it leveraged modern instant payment rails and attempted to sanitize funds through crypto ecosystems in near real time.
It highlights the urgent need for:
- Rigorous audits on third-party providers tied to core banking systems
- AI-driven monitoring to flag suspicious patterns instantly
- Tighter cooperation between fintechs, traditional banks and crypto platforms to respond within hours, not days
What comes next
While no retail customers were directly impacted, this event underscores systemic risks in even the most advanced financial networks. Regulatory bodies across Latin America and beyond are expected to review guidelines for fintech integrations, reserve account protections and digital asset compliance.
