A major cyberattack targeted C&M Software, a Brazilian technology provider that connects financial institutions to the Central Bank of Brazil's payment system, including the Pix instant payment platform. The attack, which began on June 30, 2025, involved unauthorized access to reserve accounts of at least six financial institutions, including BMP, Bradesco, and Credsystem. Criminals exploited a software vulnerability and used legitimate client credentials to divert funds rapidly through Pix transactions. Estimates of the financial losses vary, with initial reports suggesting up to R$1 billion (approximately USD 180 million) was stolen, while later investigations confirmed at least R$541 million diverted in 166 Pix transfers to 29 companies, some of which were newly created entities. The stolen funds were laundered partially through cryptocurrency exchanges such as Bitcoin. The incident caused temporary disruption of Pix services, affecting thousands of bank customers, though individual retail clients' funds were reportedly not compromised. In response, the Central Bank suspended three financial institutions from Pix operations and authorized C&M Software to restore its services. The Federal Police and São Paulo Civil Police launched investigations, leading to the arrest of a suspect employed by a third-party IT company contracted by C&M Software. The individual allegedly facilitated the attack by selling system credentials for R$15,000 and developing tools to access the Central Bank's secure systems. Authorities have recovered approximately R$18 million of the diverted money and continue pursuing the remaining funds. The case is considered the largest cyberattack on Brazil's financial system to date, with potential total losses estimated between R$800 million and R$3 billion. The investigation remains ongoing as law enforcement works to identify additional perpetrators and secure the financial infrastructure.