Hackers Invade Company Linked to Pix and Divert R$ 400 Million from Accounts at the Central Bank. Understand How the Attack Happened and Which Institutions Were Affected.
Last Tuesday (1st), a large-scale hacker attack hit the systems of C&M Software, the company responsible for connecting banks to Pix and the Brazilian Payment System (SPB). The estimated damage is at least R$ 400 million.
How Did the Attack Happen?
According to investigations, the criminals used C&M as a sort of “gateway” to invade the reserve accounts of at least five financial institutions held at the Central Bank. This was made possible through the misuse of customer credentials, according to the company itself.
C&M acts as an intermediary between banks and the Pix settlement system, enabling transactions to occur in real time. Upon detecting the invasion, the Central Bank disconnected the company from its network as a security measure.
The Authorities’ Response
Both the São Paulo Civil Police and the Federal Police are investigating the case, which is considered highly complex and sensitive as it involves accounts directly linked to the Central Bank.
The company, in turn, stated that its critical systems continue to function normally and that all security measures have been taken according to protocols. However, it did not provide additional details, citing respect for the ongoing investigations.
Who Was Affected?
Among the affected institutions is Banco BMP, which confirmed that money was diverted from its account at the Central Bank. In a statement, BMP assured that no customer was impacted and that the loss was limited to the operational resources of the institution itself.
The bank also reported that it has sufficient guarantees to cover the losses and that its operations continue normally, without compromising partnerships or user safety.
What This Means for Pix Users
Despite the scare, no end customer has been directly affected so far. The Pix system continues to function normally. The incident raises an alert about the importance of cybersecurity in critical financial systems and shows that even essential intermediaries in the payment system can be targets of sophisticated attacks.
Tips for Protecting Yourself in the Digital World:
- Use strong and different passwords for each service
- Activate two-factor authentication whenever possible
- Be suspicious of links and emails
- Keep your devices updated
