Brazilian Central Bank Bleeds $140M in Brazen Hack—Partner Network Breached
Another day, another nine-figure heist—only this time, the thieves didn’t need a ski mask. They hacked Brazil’s financial plumbing instead.
How it happened: Attackers infiltrated a partner institution tied to the Banco Central do Brasil, siphoning reserves with surgical precision. No brute force, no flashy exploits—just old-fashioned credential theft turned geopolitical-scale payday.
Why it stings: This wasn’t some DeFi protocol cutting corners. A G20 nation’s sovereign reserves got drained because someone’s third-party vendor left the digital backdoor unlocked. So much for ‘too big to fail’ infrastructure.
The cynical take: At least crypto hackers usually give you a blockchain receipt. Here? Poof—$140M vanishes into the legacy finance void. Maybe next time they’ll keep the reserves in a cold wallet.
Central bank and vendor response
The central bank ordered all institutions that routed through C&M to disconnect immediately after the breach, and it cleared the firm to restore service two days later, stating that critical systems remained intact.
C&M commercial director Kamal Zogheib told Reuters that the attack relied on fraudulent client credentials rather than a code flaw and confirmed cooperation with the Federal Police and São Paulo investigators.
BMP, a banking platform provider hit in the raid, told local media that only its reserve balance was affected, and customer deposits remained untouched.
Law enforcement officials have frozen R$270 million ($49.8 million) while tracking additional flows and searching for at least four accomplices cited in preliminary warrants.
Roque remained in custody in São Paulo as of July 3. Police allege that he rotated his mobile phones every two weeks to avoid being monitored.
Laundering route through Latin America
Transaction records reviewed by ZachXBT and independent researchers indicate that the attackers structured transfers across multiple exchanges in Brazil, Argentina, and Paraguay, then used OTC brokers to settle into crypto within three hours of the initial breach.
Sources who prefer to remain anonymous told CryptoSlate that the attackers found it challenging to buy crypto with the stolen money at Brazilian OTC desks, as most of the largest ones raised red flags due to the large amounts.
Brazil’s Federal Police declined to specify which platforms processed the swaps but said exchange operators have begun freezing balances tied to flagged addresses.
The central bank has not disclosed whether additional vendors will face new connection requirements but signaled that the instant payment rail PIX and reserve account interfaces may receive further controls.
The probe continues under federal supervision, with investigators prioritizing the recovery of funds and identifying the remaining organizers.