BRASILIA, Brazil–C&M Software, a service provider that connects Brazil’s Central Bank to local banks and other financial institutions, acknowledged it has been hacked for up to 800 million Brazilian reais ($140 million), with funds from six institutions connected to the central bank.

According to the Brazilian news outlet Sao Paulo, the hack occurred after an employee of C&M allegedly sold his login credentials to the threat actor for roughly $2,700, allowing them to access the software system and steal funds held in reserve accounts.

Onchain detective ZachXBT said in its analysis the hackers converted an estimated $30 million to $40 million of the stolen funds to Bitcoin, Ether and USDt, which they laundered through Latin American exchanges and over-the-counter trading platforms.

‘Growing Risk’

“The incident highlights the growing risk of cybersecurity threats facing centralized software systems and servers, where single points of failure can lead to significant financial losses or the theft of sensitive data.” Sao Paulo News stated. “Centralized digital systems are inherently vulnerable to hacks, infiltration, ransom attempts and software exploits. These vulnerabilities are exacerbated by artificial intelligence.” 

Uptick in Hacks

Centralized crypto exchanges (CEXs) recorded an uptick in hacks in Q3 and Q4 2024, as hackers turned their sights to digital platforms with single points of failure, according to Chainalysis.