Hacker Breaks into C&M Software, Steals $140M in Central Bank-Funded Money In a dramatic cyber break-in, Brazil’s central financial system has been left shaken as hackers stole 800 million reais (~$140 million) through a focused attack on C&M Software, a key service provider to the Central Bank of Brazil. Insider Credentials Sold for $2,700 According to Brazilian newspaper São Paulo, the attack began when a C&M employee exchanged their login credentials for approximately $2,700. The credentials granted the attackers entry into the systems of C&M, which link the Central Bank with domestic banks. The hackers targeted six institutions and withdrew cash from reserve accounts. One C&M employee suspected of making the breach possible through selling their access credentials has been detained by Brazilian police. $30M–$40M Cleaned via Crypto Blockchain analyst ZachXBT reported that the hackers instantly moved $30 million to $40 million to Bitcoin (BTC), Ether (ETH), and USDt (USDT). Those assets were cleaned via Latin American crypto exchanges and over-the-counter (OTC) desks. The use of crypto for laundering is pointing towards increasing overlap among traditional finance systems and blockchain-based technologies in cybercrime operations. Centralized Systems Susceptible to AI-Era Threats The breach is a wake-up call to growing fear surrounding centralized software networks . Professionals say such networks are vulnerable to insider threats, ransomware, and exploits — particularly in a world where AI tools can be leveraged by cybercriminals to help them identify and breach such networks. Shielded Technologies CEO Eran Barak explained that hackers view centralized platforms as “massive ROI targets” due to the quantity of sensitive data and money that they hold. Decentralization as a Defense Barak demonstrated that decentralized blockchain systems, such as those utilizing zero-knowledge proofs (ZKPs), provide a less appealing target in that the hackers would need to break individual wallets rather than a central database. “If you can only access one account at a time, the payoff isn’t worth the risk,” Barak said.
