Revised Analysis of the $130 Million Cyber Heist Attempt on Brazil's Pix System

Alex Cipher

The attempted $130 million cyber heist on Evertec’s Sinqia S.A. has highlighted vulnerabilities in Brazil’s Pix system, a real-time payment network introduced by the Central Bank in 2020. With over 75% of the population using Pix, its popularity makes it a prime target for cybercriminals. The breach was detected on August 29, 2025, when unauthorized activity was identified within Sinqia’s environment connected to the Pix system. This incident highlights the urgent need for robust cybersecurity measures, especially in systems as widely used as Pix (Bleeping Computer).

Exploitation of the Pix System

The Pix system, introduced by Brazil’s Central Bank in 2020, has rapidly become the country’s most popular method for transferring money, adopted by over 75% of the population. Its real-time payment capabilities and widespread use make it an attractive target for cybercriminals. The attempted $130 million cyber heist on Evertec’s Sinqia S.A. underscores the vulnerabilities inherent in such a widely used system.

Unauthorized Access via Stolen Credentials

The hackers gained access to Sinqia’s Pix environment by exploiting stolen credentials from an IT vendor’s account. This method of entry highlights the importance of securing third-party access points. The breach was detected on August 29, 2025, when Sinqia identified unauthorized activity within its environment connected to the Brazilian Central Bank’s real-time payment system, Pix. Upon detection, Sinqia halted transaction processing and engaged cybersecurity forensics experts to mitigate the threat (Bleeping Computer).

Targeting Business-to-Business Transactions

The attackers attempted to perform unauthorized business-to-business transactions involving two financial institutions that are customers of Sinqia. Local media implicated HSBC bank in the incident, although a spokesperson from HSBC stated that customer funds or data were not impacted. The focus on business-to-business transactions suggests that the hackers aimed to exploit high-value transfers that could go unnoticed in the volume of transactions processed by the Pix system (Bleeping Computer).

Immediate Response and Mitigation Efforts

Upon detecting the breach, Sinqia promptly deactivated its Pix environment to prevent further unauthorized transactions. The Brazilian Central Bank quickly intervened, blocking approximately 350 million reais before the transfers could be processed. This swift action was critical in minimizing the potential financial impact of the attack. Sinqia is now working to rebuild the affected systems with enhanced controls and will restore Pix access only after a thorough review by the central bank (Insurance Journal).

The Role of C & M Software

A significant aspect of the breach involved C & M Software, a tech service provider connected to the Pix infrastructure. Hackers exploited a vulnerability within C & M Software, which serves as an intermediary enabling access to Pix for institutions lacking their own connectivity. This breach allowed attackers to siphon off hundreds of millions of reais, prompting a reassessment of cybersecurity protocols across the industry (Valor International).

Financial and Reputational Impact

The financial and reputational impact of the incident is still being assessed. Evertec has noted that the breach’s impact is currently limited to Sinqia’s Pix environment, with no evidence of personal data exposure. However, the potential implications for Evertec’s internal controls and the broader financial sector in Brazil could be significant. The incident has highlighted the ongoing risks associated with integrating instant payment networks and the need for robust cybersecurity measures (Bleeping Computer).

Reinforcing Cybersecurity Measures

In response to the breach, there is a renewed urgency within the financial sector to strengthen security policies. The attack has underscored the growing threat of cybercrime and the need for enhanced authentication and transaction monitoring controls. The movement of stolen funds into cryptocurrencies further complicates recovery efforts, emphasizing the importance of blockchain monitoring in investigating cyberattacks (TechStory).
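
One way to express the transaction-monitoring control discussed above, tied to the two traits reported for this incident (vendor-account access and unusually large business-to-business transfers). This is an added example, not code from Sinqia, Evertec or the Central Bank. The record fields, the "new payee" signal, the thresholds and all sample data are constructed assumptions.

```python
from statistics import median

# Constructed history of settled B2B amounts (BRL) per payer institution.
HISTORY = {
    "bank_a": [120_000, 95_000, 210_000, 150_000, 180_000],
    "bank_b": [40_000, 55_000, 62_000, 48_000, 51_000],
}
# Constructed set of payee keys each institution has paid before.
KNOWN_PAYEES = {"bank_a": {"key-001", "key-002"}, "bank_b": {"key-010"}}

# Constructed queue of pending transfers awaiting settlement.
PENDING = [
    {"id": "t1", "actor_type": "internal", "payer": "bank_a",
     "payee": "key-001", "amount": 175_000},
    {"id": "t2", "actor_type": "vendor", "payer": "bank_a",
     "payee": "key-777", "amount": 48_000_000},
    {"id": "t3", "actor_type": "vendor", "payer": "bank_b",
     "payee": "key-010", "amount": 50_000},
    {"id": "t4", "actor_type": "internal", "payer": "bank_b",
     "payee": "key-888", "amount": 9_500_000},
]

def score(tx, history, known_payees, ratio_limit=10):
    """Return the list of risk signals a pending transfer raises."""
    reasons = []
    baseline = median(history[tx["payer"]])
    # Median is used so a few large past transfers do not raise the bar.
    if tx["amount"] > ratio_limit * baseline:
        reasons.append("amount_over_baseline")
    if tx["payee"] not in known_payees[tx["payer"]]:
        reasons.append("new_payee")
    # Sessions opened with third-party (vendor) credentials get extra weight.
    if tx["actor_type"] == "vendor":
        reasons.append("vendor_initiated")
    return reasons

def triage(pending, history, known_payees, hold_at=2):
    """Hold transfers with at least `hold_at` signals; release the rest."""
    held, released = {}, []
    for tx in pending:
        reasons = score(tx, history, known_payees)
        if len(reasons) >= hold_at:
            held[tx["id"]] = reasons  # queue for manual review before settlement
        else:
            released.append(tx["id"])
    return held, released

if __name__ == "__main__":
    print(triage(PENDING, HISTORY, KNOWN_PAYEES))
```

Requiring two signals before holding a transfer keeps routine vendor activity (t3) flowing while still stopping a large transfer to an unfamiliar payee even when it comes from an internal account (t4).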

Conclusion

While the Pix system has revolutionized payments in Brazil, its popularity and central role in the economy make it a high-value target for cybercriminals. The attempted heist on Evertec’s Sinqia S.A. serves as a stark reminder of the vulnerabilities present in even the most advanced payment systems. As the financial sector continues to grapple with these challenges, the importance of robust cybersecurity measures cannot be overstated. Enhanced authentication and transaction monitoring controls are crucial to safeguarding against future threats.

References