Hackers Steal $180M from Brazilian Banking System in Largest-Ever Attack, Cash Out via Bitcoin and USDT

Crypto Journalist

Anas Hassan

Crypto Journalist

Anas Hassan

About Author

Anas is a crypto native journalist and SEO writer with over five years of writing experience covering blockchain, crypto, DeFi, and emerging tech.

Share

Last updated: 

July 3, 2025

Criminal hackers exploited a critical vulnerability in a Brazilian banking infrastructure on Monday, stealing over R$1 billion (~$180 million) from reserve accounts in what authorities called the largest cyberattack in the country’s financial history.

According to Brazil Journal, C&M Software, a Central Bank-authorized service provider that handles API connections for financial institutions in Brazil, became the entry point for attackers who gained access to multiple bank accounts, including those of banking-as-a-service provider BMP.

Federal Police sources confirm that the breach is a massive infiltration of Brazil’s national payment system, with stolen funds immediately routed through cryptocurrency exchanges and over-the-counter desks in an attempt to convert the money into Bitcoin and USDT.

Central Bank technicians worked through the night to investigate the incident after C&M was immediately disconnected from the financial system, while multiple crypto service providers blocked suspicious transactions and froze accounts linked to the attack.

Infrastructure Breach Exposes Crypto Conversion Network

C&M Software confirmed in a statement to Valor Econômico that it was “a direct victim of criminal action, which included the improper use of customer credentials to attempt to fraudulently access its systems and services.“

The attackers exploited C&M’s role as a messaging gateway for Brazil’s Instant Payment System (PIX), gaining unauthorized access to transfer protocols that connect banks, fintechs, and payment processors to the national financial infrastructure.

Immediately after the theft, they began moving the stolen funds to cryptocurrency providers integrated with PIX, attempting to purchase USDT and Bitcoin through exchanges, gateways, and OTC desks.

SmartPay CEO Rocelo Lopes noted in a statement released that his company “detected that there was a problem at 00:18 on June 30, due to the atypical movement on both platforms” and automatically raised validation filters on USDT and Bitcoin purchases.

“Large sums of money were withheld and, at the same time, the process of returning them to the institutions involved was carried out,” Lopes explained, adding that many crypto OTC desks denied registration and operations by the hackers.

Industry sources have revealed that blockchain monitoring tools detected significant transactions to various cryptocurrency companies, although the exact amount successfully converted to digital assets remains under investigation.

However, despite the gravity of the attack, BMP emphasized in its official statement that “no BMP customer was impacted or had their funds accessed,” clarifying that the attack “exclusively involved funds deposited in its reserve account at the Central Bank” and that the institution “has sufficient collateral to fully cover the impacted amount.“

Crypto Rails Become Highway for Traditional Financial Crime

This attack adds to the growing concern of crypto’s expanding role as an exit ramp for traditional financial crimes, with digital assets providing liquidity and pseudo-anonymity that cash cannot match at scale.

Stablecoins have become particularly attractive to illicit networks, with the Financial Action Task Force recently warning that their use by criminal organizations poses growing risks without coordinated global regulation.