Portuguese 
English 
Spanish 
2 min of reading 
0 comments 
Hackers Invade Company Linked to Pix and Divert R$ 400 Million from Accounts at the Central Bank. Understand How the Attack Happened and Which Institutions Were Affected.
On last Tuesday (1st), a large-scale hacker attack hit the systems of C&M Software, the company responsible for connecting banks to the Pix and the Brazilian Payment System (SPB). The estimated damage is at least R$ 400 million.
How the Attack Happened?
According to investigations, the criminals used C&M as a sort of “gateway” to invade the reserve accounts of at least five financial institutions held at the Central Bank. This was made possible through the misuse of customer credentials, according to the company itself.
C&M acts as an intermediary between banks and the Pix settlement system, enabling transactions to occur in real-time. Upon detecting the invasion, the Central Bank disconnected the company from its network as a security measure.
-
Piauí will produce a new fuel that replaces diesel without needing to change anything in the truck’s engine and reduces pollutant gas emissions by half: truck drivers from all over the Northeast are already celebrating the news that will arrive later this decade.
-
A new Brazilian shopping center worth R$ 400 million will be built in an area equivalent to more than 4 football fields, featuring 90 stores, 5 cinemas, a supermarket, a college, and parking for 1,700 cars, potentially generating 3,000 jobs.
-
Larger than entire cities in Brazil: BYD is building a 4.6 km² complex in Bahia with a capacity for 600,000 vehicles per year, but the discovery of 163 workers in conditions analogous to slavery has shaken the entire project.
-
With an investment of R$ 612 million, a capacity to process 1.2 million liters of milk per day, Piracanjuba inaugurates a mega cheese factory that increases national production, reduces dependence on imports, and repositions Brazil on the global dairy map.
The Authorities’ Response
Both the São Paulo Civil Police and the Federal Police are investigating the case, which is considered highly complex and sensitive as it involves accounts directly linked to the Central Bank.
The company, in turn, stated that its critical systems continue to function normally and that all security measures have been taken according to protocols. However, it did not provide additional details, citing respect for the ongoing investigations.
Who Was Affected?
Among the affected institutions is Banco BMP, which confirmed that money was diverted from its account at the Central Bank. In a statement, BMP assured that no customer was impacted and that the loss was limited to the operational resources of the institution itself.
The bank also reported that it has sufficient guarantees to cover the losses and that its operations continue normally, without compromising partnerships or user safety.
What This Means for Pix Users
Despite the scare, no end customer has been directly affected so far. The Pix system continues to function normally. The incident raises an alert about the importance of cybersecurity in critical financial systems and shows that even essential intermediaries in the payment system can be targets of sophisticated attacks.
Tips for Protecting Yourself in the Digital World:
- Use strong and different passwords for each service
- Activate two-factor authentication whenever possible
- Be suspicious of links and emails
- Keep your devices updated
Seja o primeiro a reagir!