C&M Software, the service provider that connects Brazil’s Central Bank to local banks and other financial institutions, was hacked on Wednesday, leading to 800 million Brazilian reais ($140 million), in stolen funds from six institutions connected to the central bank.
The hack occurred after an employee of C&M allegedly sold his login credentials to the threat actor for roughly $2,700, allowing them to access the software system and steal funds held in reserve accounts, according to Brazilian news outlet São Paulo.
Onchain detective ZachXBT said the hackers converted an estimated $30 million to $40 million of the stolen funds to Bitcoin (BTC), Ether (ETH) and USDt (USDT), which they laundered through Latin American exchanges and over-the-counter (OTC) trading platforms.
The incident highlights the growing risk of cybersecurity threats facing centralized software systems and servers, where single points of failure can lead to significant financial losses or the theft of sensitive data.
Related: Crypto losses hit $2.5B in first half of 2025, but hacks fall in Q2: CertiK
Centralized systems are sitting ducks in the age of artificial intelligence
Centralized digital systems are inherently vulnerable to hacks, infiltration, ransom attempts and software exploits. These vulnerabilities are exacerbated by artificial intelligence and AI tools.
Centralized crypto exchanges (CEXs) recorded an uptick in hacks in Q3 and Q4 2024, as hackers turned their sights to digital platforms with single points of failure, according to Chainalysis.
Eran Barak, CEO of Shielded Technologies, the developer behind the Midnight data protection blockchain, told Cryptox that privacy tools will be increasingly necessary to ward off AI-assisted hackers.
The CEO said cybercriminals see “massive” returns in targeting centralized systems that can contain millions of passwords, sensitive documents or billions of dollars in capital, which makes these systems attractive targets.
Decentralized blockchain technologies like zero-knowledge proofs (ZKPs) remove this temptation by forcing hackers to target individual wallets or accounts instead of a centralized database containing millions of records, Barak said.
“Their return on investment (ROI) would be one record instead of millions — not worth it. They are going to go elsewhere,” the CEO said.
Magazine: Coinbase hack shows the law probably won’t protect you: Here’s why
