Major Cyberattack Hits Brazilian Central Bank Service Provider
ZachXBT, the cryptocurrency researcher who’s made a name for himself tracking down high-profile scams, just dropped details on what might be one of the biggest cyberheists of 2025. And honestly, it’s wild how simple the entry point was.
According to his findings, C&M Software—a company that provides services to the Brazilian Central Bank—got hit hard. We’re talking about $140 million (or 800 million reais) siphoned off in a single attack. The breach happened on June 30, but the details are only now coming to light.
How It Went Down
Here’s the unsettling part: the attackers didn’t need some advanced hacking skills to pull this off. They just bought login credentials from a C&M employee for 15,000 reais—roughly $2,760. That’s peanuts compared to the millions they walked away with.
Once inside, they accessed reserve accounts at six different financial institutions linked to the Central Bank. Then came the money shuffle. The stolen cash was converted into Bitcoin, Ethereum, and Tether through over-the-counter (OTC) markets and crypto exchanges across Latin America. ZachXBT estimates at least $30 to $40 million ended up in crypto, though the full trail is still being pieced together.
The Aftermath—and the Silence
What’s surprising, maybe even frustrating, is how little attention this has gotten outside Brazil. A breach of this scale, involving a central bank service provider, should be making global headlines. But aside from ZachXBT’s thread and a few local reports, it’s been crickets.
The researcher says he’s been tracking the stolen funds, working to freeze some accounts and identify OTC brokers involved. He also plans to share wallet addresses tied to the theft eventually, which could help others follow the money.
But here’s the thing—even with those efforts, recovering the full amount seems unlikely. Crypto moves fast, and once it’s through certain channels, it’s gone for good.
Why This Matters
This isn’t just another crypto scam. It’s a reminder of how fragile financial systems can be when insider access is up for sale. A single employee, tempted by what’s basically a modest payday, opened the door to a $140 million disaster.
And while ZachXBT’s work is crucial, it also highlights how much still depends on independent researchers. If he hadn’t dug into this, would we even know?
One thing’s clear: as long as the payoff is this big, and the entry points this cheap, these attacks aren’t going away.
*Not investment advice, obviously. Just a heads-up on where the cracks are.
