Bank Heist of $130 M While Hackers Breached Fintech Firm
Bank Heist of $130 M While Hackers Breached Fintech Firm
“Some hackers attempted to steal $130 M while hacking into a finance & tech firm. Read, how!”
After getting unauthorized access to the environment on the central bank’s real-time payment system (Pix), hackers attempted to steal $130 million from Evertec’s Brazilian subsidiary Sinqia S.A.
One of the largest full-service transaction processors in Latin America, Puerto Rico, and the Caribbean is Evertec, a publicly traded financial technology company.
Sinqia, a publicly traded firm situated in São Paulo that provides IT services and financial software to the banking and financial sector, was purchased by Evertec in 2023.
In a report to the U.S. Securities and Exchange Commission (SEC), Evertec said that on August 29, hackers gained access to Sinqia’s networks and tried to carry out illicit operations.
SEC filing
| “On August 29, 2025, Sinqia S.A., a Brazilian division of EVERTEC, Inc., discovered illegal behavior within its environment of the Pix real-time payment system operated by the Brazilian Central Bank,” reads the SEC filing.
“After discovering the problem, Sinqia stopped processing transactions in its Pix environment and started collaborating with external cybersecurity forensics specialists in compliance with its incident response protocol.” |
The Central Bank of Brazil introduced Pix, the country’s immediate payments system, in November 2020. It enables real-time money transfers around the clock.
In Brazil, it has emerged as the most popular payment method, and Android banking malware frequently targets it.
Unauthorized business-to-business transactions between two financial institutions that are Sinqia’s clients were attempted by the hackers.
While a bank representative emphasized that this event has not affected customer funds or data, local media outlets implicated the HSBC bank.
Evertec states that recovery attempts are still ongoing and that a portion of the $130 million has already been recovered, but it does not specify how much.
The incident’s investigation revealed that the hackers used credentials that had been stolen from an IT vendor’s account to access Sinqia’s Pix environment.
Evertec offers no proof that personal information has been compromised or that the effects go beyond Sinqia’s Pix environment.
The Central Bank of Brazil has currently blocked Sinqia’s access to Pix, but the company is making every effort to reinstate it as soon as possible by giving the authorities the necessary information and guarantees.
In terms of the financial impact, Evertec points out that 24 Brazilian financial institutions rely on Sinqia’s Pix environment to run their operations.
Sinqia S.A.
| “Although it is unknown at this time, the incident’s potential financial and reputational effects, including any effects on the company’s internal controls, could be significant,” notes the company. |
About The Author
Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking. Find out more about “Him.”
Read More:
Telangana Launches ‘Vyuha’ Cybersecurity Innovation Lab
About Author
English