In Less Than Two Months, Two Failures in Third-Party Companies Linked to Pix Have Resulted in Attacks That Total R$ 1.38 Billion Diverted From the Financial System

Published on 30/08/2025 at 20:39

After Diversion of R$ 1 Billion in July, Hackers Attack Sinqia and Target Pix in Operation That May Have Taken R$ 380 Million from HSBC in Brazil

In less than two months, two third-party companies linked to Pix have been targeted by hackers in frauds totaling R$ 1.38 billion diverted from the financial system. The cases involved companies responsible for connecting banks to the Central Bank’s instant payment system and raised an alert about the vulnerability of intermediaries that handle billions of reais every day.

The most recent episode occurred on Friday (29), when Sinqia identified suspicious activities in its systems. According to information gathered by Folha de S. Paulo, approximately R$ 380 million may have been diverted from HSBC through Pix, an amount not yet officially confirmed. Before that, in July, C&M Software suffered an attack that resulted in the diversion of R$ 1 billion from the Central Bank, affecting clients of major financial institutions.

What Happened to Sinqia

Sinqia is one of the main technology providers connecting banks to Pix. The company reported that the attack was restricted to the instant payment system environment and did not affect other internal operations or personal data. Nevertheless, experts warn that this type of failure demonstrates the fragility of third-party companies linked to Pix, which end up becoming preferred targets for hackers.

According to police officer and cybersecurity expert Vytautas Zumas, the dependence on these companies creates critical vulnerability points: if a single connection is compromised, the entire network may be affected.

The Case of C&M Software

In July, the sector had already been shocked by an attack on C&M Software, also authorized to operate connections with the Central Bank. Hackers managed to divert around R$ 1 billion in resources, impacting institutions such as XP and Bradesco. Although Pix itself was not breached, the incident demonstrated how outsourcing technological infrastructure opens up serious gaps.

At the time, the Central Bank stated that it was investigating the case, but assured that the main Pix system remained secure. Still, the recurrence of similar incidents in a short period raises questions about the actual protection of the system.

The Impact on Banks and Customers

For ordinary customers, there is no immediate risk of losing access to Pix. The greater problem lies in the trust of the financial market. Two attacks in succession reveal that the protections of third-party companies linked to Pix may not keep pace with the growth of digital transactions, which already surpass cards and TEDs in daily volume.

Moreover, the financial impact is enormous: R$ 1.38 billion diverted in less than two months is equivalent to the annual budget of medium-sized Brazilian cities and exposes banks to losses and renegotiations of legal responsibility.

What May Change Going Forward

The Central Bank has not yet commented on the Sinqia case, but pressure for stricter cybersecurity rules is already increasing among experts and lawmakers. The private sector, in turn, calls for balance: making rules too strict may raise costs and reduce the agility of Pix, one of the biggest recent successes of the national financial system.

The question now is whether Brazil will be able to balance innovation and security in a system that has become essential in the daily lives of millions of people.

Attacks against third-party companies linked to Pix show that the risk lies not in the system itself, but in those ensuring the connection of banks. In two months, the loss has already exceeded R$ 1.38 billion, and the debate over responsibilities between government, banks, and service providers is expected to gain traction in the coming months.

And you, do you think these attacks could undermine trust in Pix or is the problem merely the fragility of the third-party providers? Leave your opinion in the comments — your perspective helps understand how the population views the security of the system.

Maria Heloisa Barbosa Borges

I cover construction, mining, Brazilian mines, oil, and major railway and civil engineering projects. I write daily about curiosities of the Brazilian market.
