On June 30, 2025, Brazil fell victim to a major cyber attack on C&M Software, leading to a loss of $140 million and exposing vulnerabilities in the financial system.
Financial Institutions Under Cybercriminal Attack
C&M Software, a service provider for Brazil's central bank, was attacked, resulting in an estimated financial loss of between R$400 million and R$800 million. Cybercriminals exploited employee credentials to gain unauthorized access to systems, affecting six financial institutions.
Conversion of Stolen Funds into Cryptocurrency
The stolen funds were quickly converted into cryptocurrency, including BTC, ETH, and USDT, through Latin American OTC desks. This highlights existing security vulnerabilities in handling financial data. The company's founder, Orli Machado, stated: "The company is a direct victim of this criminal action, which included the misuse of client credentials in an attempt to fraudulently access its systems and services."
Regulatory and Security Implications
The incident has already attracted the attention of Brazilian authorities and governmental agencies, which are initiating an investigation into the breach. It is expected that the incident could trigger a review of regulatory measures related to digital asset transactions and heighten security requirements in digital transaction frameworks.
The cyber attack on C&M Software serves as an important warning sign for financial institutions and may lead to a reassessment of existing security practices and regulatory policies in Brazil.
