Portuguese 
English 
Spanish 
3 min of reading 
0 comments 
A Hacker Attack Diverted R$ 710 Million From The PIX System Via Sinqia, Affecting HSBC And The Fintech Artta. Central Bank Investigates The Case.
A hacker attack against Sinqia, a company that connects financial institutions to the PIX system, diverted around R$ 710 million in unauthorized transactions on Friday, August 29, 2025.
The incident involved HSBC, which suffered an estimated impact of R$ 670 million, and the fintech Artta, which recorded a loss of approximately R$ 41 million.
According to a report sent to the SEC in the United States by the parent company Evertec, the criminal action exploited legitimate credentials from technology providers.
-
Havan, the retailer from Santa Catarina owned by Luciano Hang, will offer a contract of R$ 40,000 to whoever produces the best video in tribute to the company’s 40th anniversary, in a national influencer contest open to anyone with a profile on Instagram or TikTok.
-
After criticizing millions who receive Bolsa Família, Luciano Hang is considering opening stores in Paraguay while predicting a ‘collapse’ in Brazil with the end of the 6×1 work schedule and the conviction that ‘only a disaster’ would save the country; the owner of Havan talks about an explosion in inflation, a cost increase of up to 20%, and risks for thousands of Brazilian companies.
-
Giant Serie A club of the Brasileirão undergoes mass layoffs, putting up to 90 people out on the street and promoting a “silent reorganization” after the arrival of the SAF, affecting strategic sectors and causing a strong atmosphere of tension behind the scenes of Brazilian football.
-
China found a loophole and is entering Europe through the back door by setting up an army of factories for batteries, tires, and auto parts on the other side of the Strait of Gibraltar, in Morocco, which bypass the tariffs of up to 45% that Brussels established precisely to block Chinese electric cars.
The Central Bank of Brazil (BC) confirmed that it managed to block R$ 589 million — about 83% of the diverted amount.
Despite the seriousness of the case, the monetary authority emphasized that the central infrastructure of the PIX was not compromised and is functioning normally.
How The Hacker Attack Against The PIX Happened
According to the preliminary investigation, the criminals used credentials from providers who had authorized access to Sinqia’s environment.
Through them, they were able to insert fraudulent transactions into the system connected to the Central Bank.
Upon identifying the suspicious movement, Sinqia suspended the processing of operations, following its incident response protocol.
The Central Bank, in turn, interrupted the company’s connection with the Brazilian Payment System to prevent the attack from spreading to other institutions.
Evertec reported that the attack involved corporate transactions known as B2B (business to business) and that part of the amount has already been recovered.
HSBC And Artta Comment On The Case
HSBC, the most affected bank, clarified in a statement that no customers were impacted. According to the institution, the irregular transactions occurred in an account of a provider linked to the bank.
“On Friday, August 29, HSBC identified financial transactions via PIX in an account of a provider of the bank. No customer accounts were affected, and measures have been taken to block the suspicious transactions,” the statement declared.
Artta also confirmed that the attack did not directly affect its digital environment or customer accounts.
The impact, according to the fintech, occurred in the accounts it maintains at the Central Bank, used exclusively for interbank settlement.
“There was no attack on Artta’s environment or on our customers’ accounts. The accounts involved are maintained at the Central Bank and used exclusively for interbank settlement,” the official statement said.
Sinqia Reinforces Transparency And Says Personal Data Was Not Compromised
In a statement, Sinqia emphasized that the attack was restricted to its PIX environment and that there is no evidence of a data breach.
The company assured that it is rebuilding the affected infrastructure with new security protocols and support from external specialists.
“On August 29, we detected suspicious activity in the PIX environment. We acted quickly and initiated a detailed investigation, involving forensic specialists. We are working to safely restore the environment under the supervision of the Central Bank,” the company stated.
Meanwhile, banks and fintechs that relied on Sinqia’s platform needed to seek other providers to maintain their operations in the PIX system.
Central Bank And Authorities Monitor The Case
The Central Bank determined that Sinqia may only resume processing transactions after proving the effectiveness of the security measures implemented.
Additionally, the company reported that it has contacted federal and state law enforcement authorities to assist with the investigation.
This attack recalls another incident recorded in July 2025, when C&M Software also suffered a breach in its PIX environment. At that time, hackers used internal credentials to defraud the system.
Impact And Risks To The Financial System
Although the PIX continues to function normally and has not been compromised in its central structure, the incident raises alerts about the vulnerability of technology providers acting as intermediaries between banks and the Central Bank.
Cases like this show that, despite the robustness of the system, the weakest link may be in outsourced accesses. Cybersecurity experts assert that the investigation should point to new authentication protocols for credentials, reducing the risks of future attacks.
Be the first to react!