The pirates siphoned around 800 million R $ ($ 140 million) of six reserve accounts connected to the Brazil Central Bank after breaking the São Paulo C&M software software on June 30, according to the investigator of the Zachxbt blockchain and local media reports.
The police said that C&M employee João Nazareno Roque had sold his business connection for 15,000 R $ R ($ 2,770) and then developed an additional $ 10,000 R $ 1,000 R tool ($ 1850), giving attackers direct access to supplier infrastructure.
Investigators traced unauthorized instructions that moved the funds of reserve accounts detained at the Banzil Central Bank for interbank regulations in commercial bank accounts linked to sales offices (OTC) and regional exchanges.
Zachxbt estimated that between $ 30 million and $ 40 million in stolen funds had already been exchanged for major digital assets, including Bitcoin, Ethereum and USDT.
Brazilian chain analysis teams and prosecutors coordinate portfolio freezing while allocation work continues.
Response from the central bank and sellers
The central bank ordered all the institutions that sent by the C&M to disconnect immediately after the violation and erased the company to restore the service two days later, declaring that the critical systems remained intact.
C&M sales director Kamal Zogheib told Reuters that the attack relied on the fraudulent skills titles of customers rather than a lack of code and confirmed cooperation with the federal police and São Paulo investigators.
BMP, a banking platform supplier, struck during the RAID, told local media that only his reserve balance was assigned and that customer deposits had remained intact.
Law application officials have frozen 270 million R $ ($ 49.8 million) while following additional flows and seeking at least four accomplices mentioned in preliminary mandates.
Roque stayed in detention in São Paulo on July 3. Police alleys that he turned his mobile phones every two weeks to avoid being watched.
Bleach across Latin America
The transaction files examined by Zachxbt and the independent researchers indicate that the attackers structured transfers on several exchanges in Brazil, Argentina and Paraguay, then used free -sales brokers to settle in the crypto within three hours of the initial violation.
Sources that prefer to remain anonymous told Cryptoslate That the attackers found it difficult to buy crypto with the money stolen in the over -the -counter Brazilian offices, because most of the largest increased red flags due to the important amounts.
Brazil federal police have refused to specify which platforms have treated Swaps, but said that the exchange operators had started freezing linked to the addresses reported.
The central bank has not revealed whether the additional suppliers will face new connection requirements, but have indicated that the instant and reserve payment rail interfaces can receive other checks.
The investigation continues under federal supervision, the investigators being prioritizing the resumption of funds and the identification of the remaining organizers.
