Brazil’s Central Bank Hit by Massive $140M Crypto Heist – Hackers Exploit Partner Breach to Drain Reserve Accounts
In a shocking incident that has rocked Brazil’s financial sector, hackers stole nearly $140 million from reserve accounts held at the Central Bank of Brazil. The breach targeted key financial infrastructure through a third-party software vendor, exposing major vulnerabilities in the country’s banking system and raising urgent questions about the security of central bank operations.
In This Article:
- Hackers Gained Access after Insider Sold Central Bank System Credentials
- Attackers Moved Reserve Funds into Crypto in Minutes after Central Bank Breach
- Police Freeze $50M, Search for Accomplices as Funds Launched across Borders
- Central Bank Orders Disconnection, Tightens Controls after Reserve Account Raid
Hackers Gained Access after Insider Sold Central Bank System Credentials
The $140 million central bank theft began with an insider betrayal. João Nazareno Roque, an employee at software vendor C&M Software, sold his corporate login for around $2,770 and created additional backdoor access for another $1,850. This allowed attackers to infiltrate C&M’s systems, which connect directly to Brazil’s central banking infrastructure.
Attackers Moved Reserve Funds into Crypto in Minutes after Central Bank Breach
Investigators found that hackers quickly sent stolen central bank funds through commercial bank accounts linked to OTC crypto desks and regional exchanges in multiple countries. Reports estimate that $30–$40 million was rapidly converted into cryptocurrencies like Bitcoin, Ethereum, and USDT, making the money harder to trace and recover.
Police Freeze $50M, Search for Accomplices as Funds Launched across Borders
Brazilian authorities have already frozen nearly $50 million and are tracking more. Police believe at least four other accomplices were involved. The arrested insider frequently changed phones to avoid surveillance. Hackers moved the funds across exchanges in Brazil, Argentina, and Paraguay, using brokers to turn the stolen money into crypto within hours.
Central Bank Orders Disconnection, Tightens Controls after Reserve Account Raid
The Central Bank of Brazil reacted swiftly—institutions using C&M had to immediately disconnect. Critical systems were not affected, and services were restored in two days, though officials warned that more rules for instant payment and reserve account connections may be coming. Recovery efforts and investigations are ongoing, with the focus on recovering funds and stopping similar attacks.
