After Diversion of R$ 1 Billion in July, Hackers Attack Sinqia and Target Pix in Operation That May Have Taken R$ 380 Million from HSBC in Brazil
In less than two months, two third-party companies linked to Pix have been targeted by hackers in frauds totaling R$ 1.38 billion diverted from the financial system. The cases involved companies responsible for connecting banks to the Central Bank’s instant payment system and raised an alert about the vulnerability of intermediaries that handle billions of reais every day.
The most recent episode occurred on Friday (29), when Sinqia identified suspicious activities in its systems. According to information gathered by Folha de S. Paulo, approximately R$ 380 million may have been diverted from HSBC through Pix, an amount not yet officially confirmed. Before that, in July, C&M Software suffered an attack that resulted in the diversion of R$ 1 billion from the Central Bank, affecting clients of major financial institutions.
What Happened to Sinqia
Sinqia is one of the main technology providers connecting banks to Pix. The company reported that the attack was restricted to the instant payment system environment and did not affect other internal operations or personal data. Nevertheless, experts warn that this type of failure demonstrates the fragility of third-party companies linked to Pix, which end up becoming preferred targets for hackers.
According to police officer and cybersecurity expert Vytautas Zumas, the dependence on these companies creates critical vulnerability points: if a single connection is compromised, the entire network may be affected.
The Case of C&M Software
In July, the sector had already been shocked by an attack on C&M Software, also authorized to operate connections with the Central Bank. Hackers managed to divert around R$ 1 billion in resources, impacting institutions such as XP and Bradesco. Although Pix itself was not breached, the incident demonstrated how outsourcing technological infrastructure opens up serious gaps.
At the time, the Central Bank stated that it was investigating the case, but assured that the main Pix system remained secure. Still, the recurrence of similar incidents in a short period raises questions about the actual protection of the system.
The Impact on Banks and Customers
For ordinary customers, there is no immediate risk of losing access to Pix. The greater problem lies in the trust of the financial market. Two attacks in succession reveal that the protections of third-party companies linked to Pix may not keep pace with the growth of digital transactions, which already surpass cards and TEDs in daily volume.
Moreover, the financial impact is enormous: R$ 1.38 billion diverted in less than two months is equivalent to the annual budget of medium-sized Brazilian cities and exposes banks to losses and renegotiations of legal responsibility.
What May Change Going Forward
The Central Bank has not yet commented on the Sinqia case, but pressure for stricter cybersecurity rules is already increasing among experts and lawmakers. The private sector, in turn, calls for balance: making rules too strict may raise costs and reduce the agility of Pix, one of the biggest recent successes of the national financial system.
The question now is whether Brazil will be able to balance innovation and security in a system that has become essential in the daily lives of millions of people.
Attacks against third-party companies linked to Pix show that the risk lies not in the system itself, but in those ensuring the connection of banks. In two months, the loss has already exceeded R$ 1.38 billion, and the debate over responsibilities between government, banks, and service providers is expected to gain traction in the coming months.
And you, do you think these attacks could undermine trust in Pix or is the problem merely the fragility of the third-party providers? Leave your opinion in the comments — your perspective helps understand how the population views the security of the system.
