SÃO PAULO — In Brazil’s most audacious digital heist to date, cybercriminals looted around ₹1,200 crore from six financial institutions via the country’s instant-payment system, PIX—all by bribing an insider for just ₹2.3 lakh.
A Brief Introduction about Prof. Triveni Singh, PhD | Ex-IPS | FCRF| FutureCrime Researcher
Inside the PIX Infrastructure Breach
The breach centred on C&M Software, a firm that connects Brazil’s Central Bank with fintechs and smaller banks through the PIX platform. Hackers reportedly paid João Nazareno Roque, a C&M IT technician, to obtain his system credentials and later convinced him to install malicious code enabling unauthorised transfers.
On June 30, over a concentrated three-hour period, the fraudsters executed a wave of PIX transactions that siphoned reserve funds. One affected fintech, BMP, alone lost nearly ₹634 crore. Brazil’s Central Bank acted swiftly by suspending C&M’s access to the PIX network to prevent further damage.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
₹343 Crore Laundered Through Cryptocurrency
A substantial portion of the stolen funds—estimated at ₹343 crore—was laundered using cryptocurrency, funnelled into Bitcoin, Ethereum, and Tether through Latin American over-the-counter (OTC) desks. Blockchain analyst ZachXBT and law enforcement traced the stolen crypto, freezing one wallet holding about ₹710 crore in recovered funds.
Roque was arrested on July 3. During interrogation, he claimed the hackers communicated with him via WhatsApp and delivered payments through motorcycle couriers. Authorities continue to track remaining funds across borders, amid growing concerns about the misuse of fintech infrastructure.
Brazilian police have so far blocked ₹710 crore worth of stolen assets. The Central Bank and financial regulators are now re-examining PIX protocol security and third-party access frameworks in light of the breach.
About the Author – Anirudh Mittal is a B.Sc. LL.B. (Hons.) student at National Forensic Sciences University, Gandhinagar, with a keen interest in corporate law and tech-driven legal change