Attention, folks! You won’t believe what happened in Brazil!
Blockchain investigator ZachXBT has uncovered a shocking plot involving a $140 million heist from the Central Bank of Brazil. The hackers, who are probably sipping margaritas on a beach somewhere, have started laundering the stolen funds through cryptocurrencies.
According to ZachXBT’s findings, the sneaky cybercriminals converted between $30 million and $40 million of the stolen cash into Bitcoin, Ethereum, and Tether. They used Latin American over-the-counter (OTC) platforms and crypto exchanges to pull off this digital magic trick.
Social Engineering Attack Blamed for $140 Million Crypto-Linked Hack in Brazil
In a twist worthy of a Mel Brooks movie, the whole thing started with a social engineering attack. An employee of C&M Software, João Nazareno Roque, sold his login credentials to the attackers for a measly R$15,000 (about $2,780). Talk about selling your soul for a song!
“I’ll publish theft addresses related to the incident that I found when it’s ok to share them as I have been helping freeze funds and attributing unlabeled OTCs,” ZachXBT added on Telegram.
On June 30, the hackers gained unauthorized access to the reserve accounts of six financial institutions connected to Brazil’s Central Bank via C&M Software. They managed to siphon off R$800 million (approximately $140 million), making it the largest digital heist in the country’s history.
C&M Software confirmed that the breach began with a social engineering attack. In this attack, its employee João Nazareno Roque sold his login credentials to the attackers for around R$15,000 (about $2,780).
“In this case, according to the report provided to the police authorities, the CMSW employee was approached outside the company premises by a third party who introduced himself as ‘connected to hackers’ and promised him financial benefits. The access began with his personal credentials, but there are indications that additional credentials or auxiliary authentication mechanisms were used, which is currently under technical analysis,” the firm stated.
Meanwhile, C&M Software emphasized that the incident stemmed from the misuse of internal credentials and not from any external technical breach.
The firm also stressed that its infrastructure remained uncompromised. It emphasized that its internal controls played a vital role in quickly containing the threat and supporting the ongoing investigation.
Considering this, security experts pointed out that the breach highlights the growing risk of social engineering attacks. In these attacks, perpetrators manipulate employees to gain access to critical systems and data.
“The weakest link is always human,” Fernando Molina, a data analyst at Blockworks said.
Social engineering attacks, such as phishing, impersonation, and fake support channels, are on the rise globally. Notably, a Sprinto report stated that 98% of cyber attackers use these tactics to access sensitive information.
Meanwhile, these types of attacks are also prevalent in the crypto scene. ZachXBT recently revealed that an elderly American lost $330 million in Bitcoin through a similar scheme.
Moreover, a report from Scam Sniffer also revealed that more than 43,000 crypto users lost around $39 million to crypto phishing scams in the first half of the year.
Read More
- Gold Rate Forecast
- Xbox’s Forza Horizon 5 Sold an Outrageous 2 Million Copies on PS5 in a Month
- How Much Does a PS5 Equivalent PC Cost in 2025?
- Lewis Capaldi Details “Mental Episode” That Led to Him “Convulsing”
- xAI’s $300/month Grok 4, billed as a “maximally truth-seeking AI” — seemingly solicits Elon Musk’s opinion on controversial topics
- Why Stephen Baldwin Is “Blessed” By Justin & Hailey Bieber’s Marriage
- Ryan Lochte Gets Cozy With New Woman Amid Kayla Reid Divorce
- Anime’s Greatest Summer 2024 Shonen Hit Drops New Look Ahead of Season 2
- Microsoft has a new way to use AI in OneNote — but a “dumb” feature excites me more
- Wrestler Marcus “Buff” Bagwell Undergoes Leg Amputation
2025-07-05 15:17