In a major cybersecurity incident, Brazil’s Central Bank-linked software provider, C&M Software, was hacked, resulting in the theft of 800 million Brazilian reais, approximately $140 million USD. The hackers reportedly gained access after buying login credentials from a C&M employee for around $2,700.

C&M Software plays a key role in connecting Brazil’s Central Bank with other financial institutions. This breach impacted six institutions holding reserve accounts through the central bank’s system. According to local reports, the attacker used the stolen credentials to access these systems and move the funds out undetected.

Funds Laundered Through Crypto Exchanges

Blockchain analyst ZachXBT revealed that between $30 million to $40 million of the stolen funds were swiftly converted into Bitcoin (BTC), Ethereum (ETH), and Tether (USDT). These digital assets were then laundered through Latin American crypto exchanges and over-the-counter (OTC) platforms.

Brazilian police arrest a man they said is a C&M employee accused of selling login credentials to hackers. Source: Sao Paulo Globo

This laundering method highlights the complex cross-border nature of modern financial crimes, where stolen money can be disguised and moved at lightning speed using digital assets. These types of attacks are becoming harder to trace and recover from, especially when decentralised crypto tools are used for money laundering.

Centralised Systems Under Fire in AI Era

Experts believe this incident reflects a growing pattern: centralised systems are becoming more vulnerable, particularly with the rise of AI-powered hacking tools. Centralised financial systems often rely on single points of failure, like server access or employee credentials, making them easy targets for hackers.

Attacks on centralized services surged in 2024. Source: Chainalysis

Eran Barak, CEO of Shielded Technologies, said that these centralised platforms can contain “millions of passwords, sensitive files, or billions in capital,” which makes them extremely attractive to cybercriminals. In contrast, decentralised systems do not store all user data in one place, significantly reducing risk.

Why Decentralised Tech May Be Safer

Barak points to technologies like zero-knowledge proofs (ZKPs) as promising solutions to prevent such hacks. These systems don’t rely on centralised databases. Instead, they operate in a way that only reveals necessary information without exposing sensitive data.

If hackers target a decentralised network, they would need to breach individual wallets one at a time. That kind of attack offers very low returns compared to breaching a central system that gives access to thousands of records or funds.

“Their ROI would be one record instead of millions, not worth it. They are going to go elsewhere,” Barak said.

A Wake-Up Call for Central Banks and Institutions

This breach is a reminder that financial institutions must prioritise cybersecurity, especially when handling critical infrastructure. The Brazil hack also shows that even low-level insider threats can lead to massive financial losses, especially in systems without strong authentication or decentralised backup protocols.

As AI tools make it easier to exploit these weaknesses, the call for decentralisation grows louder. Blockchain technologies offer an alternative that is not only more secure but also less tempting for large-scale hacks.

The $140 million Brazil central bank breach reveals the growing dangers of centralised financial systems in a rapidly evolving digital landscape. As AI boosts the capabilities of cybercriminals, decentralised blockchain models and privacy-preserving technologies may offer the protection traditional systems fail to provide.