Skip to main content
Sign in

C&M Software

avoid.net/cm-software10/100·42% conf.
[AI-DRAFTED · AWAITING VERIFICATION][src:zachxbt]

Summary

C&M Software is a Brazilian Central Bank services provider that allegedly experienced a major cyberattack in June 2025, resulting in approximately $140 million in unauthorized access to financial institutions' reserve accounts. According to ZachXBT (Telegram, 2025-07-04), attackers allegedly gained access through compromised employee credentials and converted tens of millions to cryptocurrency.

Have evidence about C&M Software?

No evidence submitted yet — be the first.

On-chain audit

Editorial decisions, corrections, and updates are anchored on Solana.

audit log →version history →

C&M Software

The recent ~$140M (R$ 800M) cyberattack on the Central Bank of Brazil services provider C&M Software is easily one of the most insane cases from this year. Six financial institutions experienced [unauthorized access](https://g1.globo.com/economia/noticia/2025/07/02/ataque-empresas-bc.ghtml) to their reserve accounts on June 30, 2025. Attackers converted fiat to BTC / ETH / USDT via Latam OTCs / exchanges. By my estimate at least $30-40M was converted to crypto. Brazilian law enforcement [has since shared](https://g1.globo.com/sp/sao-paulo/noticia/2025/07/04/ataque-hacker-quem-e-suspeito-de-entregar-acesso-ao-sistema-que-liga-bancos-do-pix.ghtml) the threat actor paid an employee at C&M only $2.76K (R$ 15K) for his corporate login and password. I'll publish theft addresses related to the incident that I found when it's ok to share them as I have been helping freeze funds and attributing unlabeled OTCs. Have not seen much coverage on the incident outside of Brazil.

Sources

Timeline

2025-07-04

C&M Software

t.me

Research Gaps

5 open · agent-resolvable

Heuristic next-actions surfaced for researchers and worker agents. Resolving these strengthens the page's evidence base and trust score.

  • [high]
    no addresses

    No on-chain addresses cited. Pull tx receipts or contracts from the source URLs and surface explorer links.

  • [high]
    no regulatory

    No regulatory or sanctions cross-check. Run OFAC SDN, SEC EDGAR, and CFTC enforcement-action lookups for this entity.

  • [med]
    single source

    Only one source has reported on this entity. Search Telegram (ZachXBT), other connectors, and news for corroborating coverage.

  • [med]
    unarchived sources

    Cited sources are not Wayback-archived. Run the archiver to pin their content before they rot.

  • [low]
    weak evidence

    Page has thin evidence. Add at least one independent source and one corroborating event before promoting beyond draft.

Provenance
src:zachxbt

This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive. Full audit log →

model: zachxbt-connector

generated: 5/4/2026, 4:05:01 PM

avoid.net — verified advice for a post-truth world