Inside Job? How One Employee’s Alleged Betrayal Led to a $140 Million Central Bank Hack

The breach, which targeted C&M Software, the company that links the central bank to local financial institutions, reportedly began with an alleged act of betrayal by one of its own employees.

Investigators believe the hackers gained access to C&M’s critical systems by purchasing the login credentials of an employee for what seems like a modest sum: around $2,700. This single transaction, if proven true, allowed cybercriminals to bypass sophisticated security measures and steal a staggering 800 million Brazilian reais from reserve accounts held at six different banks.

The alleged sale of login details highlights a growing concern in the cybersecurity world: the “insider threat.” This refers to security risks that come from within an organization, often from current or former employees, contractors, or business partners who have inside information concerning security practices, data, and computer systems. While many cybersecurity threats come from external actors trying to break in, insider threats can be particularly damaging because the individuals already have a level of trusted access.

“Cybercriminals see ‘massive’ returns in targeting centralized systems that can contain millions of passwords, sensitive documents or billions of dollars in capital, which makes these systems attractive targets,” explained Eran Barak, CEO of Shielded Technologies. This perspective suggests that the potential reward for an insider, even if a smaller cut is taken by selling access, can be incredibly tempting when compared to the risks of operating solely from the outside. This latest insider breach follows another earlier this year that saw Coinbase employees selling customer details for

Brazilian police have reportedly arrested a man identified as a C&M employee in connection with the hack, further pointing to the insider angle. This arrest suggests that authorities are focusing on the alleged sale of credentials as the primary point of entry for the attackers.

The stolen funds were quickly moved and disguised. Onchain detective ZachXBT noted that an estimated $30 million to $40 million of the stolen money was converted into popular cryptocurrencies like Bitcoin, Ether, and USDt. These digital assets were then reportedly laundered through exchanges and trading platforms in Latin America, making them harder to trace back to the original theft.

This incident serves as a stark reminder of the vulnerabilities inherent in centralized digital systems. In these systems, a single point of failure—like one compromised employee account—can have devastating consequences, leading to significant financial losses or the theft of sensitive information.