A cyberattack on C&M, a software provider connected to the Central Bank of Brazil, led to a major financial breach on June 30. Hackers stole $140 million in fiat currency from reserve accounts linked to six financial institutions.
According to a developer’s claim, the attackers bought access credentials for just $3,000. This insider access gave them full entry to banking systems. ZachXBT confirmed that this matched the timeline of the incident he had been investigating.
Once inside, the attackers moved the stolen funds. ZachXBT said that about $40 million was converted from fiat to cryptocurrencies, including Bitcoin, Ethereum, and USDT. The operation went unnoticed at first, with no public alerts from authorities or the banks.
ZachXBT Traced Crypto Laundering Across Brazilian Exchanges
ZachXBT began tracking the movement of crypto soon after the incident. He noticed unusual volume spikes on several Brazilian exchanges on the same day the breach occurred. Since no official warnings were released, he manually traced hot wallet outflows that matched the timing of the hack.
He estimated that around $5 million worth of crypto assets had been frozen so far. This was done through coordination with Tether, Binance, Bitso, Bybit, and Chainalysis’ CFInvestigators. He clarified that this amount only reflects the funds frozen at the current stage of the investigation.
In several replies on X, ZachXBT emphasized that tracking efforts remain ongoing. The actual total of crypto moved or held in unknown wallets could be higher. He continues to monitor wallet movements and exchange activity.
Circle Refused to Assist in ZachXBT’s Tracing Effort
During the ongoing efforts, one social media user mentioned that most platforms helped—except Circle. ZachXBT replied, stating that “Circle leadership does not actually care about the industry.” This direct statement followed growing questions about which companies participated in recovery actions.
ZachXBT’s criticism highlighted a lack of coordination from certain parts of the crypto industry during emergency events like the Brazil bank hack. While some exchanges and service providers acted fast, others did not contribute to freezing stolen funds.
He also noted that tracking these movements is extremely time-consuming. Since no official government support was offered at the start, most of the tracing work came from private individuals and companies in the blockchain sector.
$5M Frozen So Far, $140M Still Under Review
At this stage, about $5 million in crypto has been frozen, according to ZachXBT’s report. He confirmed that these assets were spread across multiple blockchains and centralized platforms. Exchanges involved included Binance, Bitso, and Bybit, while Tether and Chainalysis also supported the freeze.
He shared that he first flagged wallet activity based on on-chain analysis, before confirming involvement of funds connected to the C&M software breach. While many wallets remain active, investigations are still in progress.
Related: Brazil Central Bank Responds to $140M Heist That Breached Key Technology Supplier
The cyberattack involved an insider sale of credentials and led to one of the largest known crypto laundering events in Latin America this year. Authorities in Brazil have not issued further details or named suspects in the case. No official arrests related to the crypto laundering part have been confirmed yet.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
