C&M Software, the technology provider that links Brazil’s Central Bank with domestic banks and payment institutions, was breached in an attack that led to the theft of roughly 800 million Brazilian reais ($140 million) from six connected institutions.
According to local reports, attackers allegedly obtained a direct route into C&M’s critical systems after an employee sold their login credentials for about $2,700, exposing reserve accounts tied into the central banking network. Brazilian authorities have detained a suspect, while onchain investigators continue to follow the movement of funds across the cryptocurrency ecosystem.
Onchain analyst ZachXBT reported that an estimated $30 million to $40 million of the stolen capital was rapidly converted into Bitcoin (BTC), Ether (ETH) and Tether (USDT), then routed through Latin American exchanges and over-the-counter trading venues in an effort to launder proceeds and obscure their origin on public blockchain networks.
The breach underscores how centralized infrastructures that connect traditional finance with digital assets are prime targets for sophisticated cybercrime. A single compromised identity or privileged account can unlock access to substantial liquidity, sensitive data and cross-border payment rails, amplifying systemic risk for both banks and crypto markets.
Centralized systems are sitting ducks in the age of artificial intelligence
As artificial intelligence tools grow more accessible, they significantly enhance phishing campaigns, credential theft, social engineering and automated scanning for vulnerabilities. Centralized software architectures and custodial platforms that store user data, private keys or reserve funds in one place present an attractive target profile for attackers.
Industry research has highlighted an increase in attacks on centralized cryptocurrency services holding aggregated liquidity and sensitive records, even as some DeFi protocols and noncustodial wallets strengthen their defenses. The concentration of assets across a few key providers in both traditional banking and digital asset infrastructure continues to offer a strong risk-reward incentive for hackers.
Eran Barak, CEO of Shielded Technologies, developer of the Midnight data-protection blockchain, has argued that advanced privacy-preserving tools and zero-knowledge-based architectures are increasingly necessary to counter AI-enabled threats.
He noted that cybercriminals seek “massive” returns by breaching centralized databases that can expose millions of credentials, documents or high-value reserves. In contrast, decentralized blockchain systems that distribute control across individual wallets and smart contracts reduce that potential payout, making large-scale exploits less economical.
By shifting from single points of failure to decentralized, privacy-focused networks, financial institutions and crypto businesses can lower the appeal of their systems as honeypots, strengthen user protection, and support a more resilient cryptocurrency environment spanning Bitcoin, Ethereum, stablecoins, DeFi platforms, NFTs and other blockchain-based services.
