Fintech Firm Targeted in $130M Bank Heist Attempt by Hackers
▼ Summary
– Hackers attempted to steal $130 million from Evertec’s Brazilian subsidiary Sinqia by gaining unauthorized access to its Pix payment system environment.
– The breach occurred on August 29, 2025, prompting Sinqia to halt transactions and engage cybersecurity experts for investigation.
– Attackers used stolen credentials from an IT vendor’s account to access the system and attempted unauthorized transactions involving two financial institutions.
– Part of the stolen funds has been recovered, and Sinqia’s Pix access was revoked by Brazil’s Central Bank while restoration efforts continue.
– Evertec stated the financial and reputational impact remains unknown but could be material, with no evidence of personal data exposure beyond the Pix system.
A major cybersecurity incident involving a fintech subsidiary has exposed vulnerabilities in Brazil’s widely used instant payment infrastructure. Hackers attempted to siphon approximately $130 million from Sinqia S.A., a Brazilian firm owned by financial technology leader Evertec. The attackers gained unauthorized entry into Sinqia’s segment of the Central Bank of Brazil’s real-time payment network, known as Pix.
Evertec, a publicly traded transaction processing powerhouse with significant operations across Latin America and the Caribbean, disclosed the breach in a formal filing with the U.S. Securities and Exchange Commission. The intrusion was detected on August 29, 2025, prompting an immediate halt to all transaction processing within the compromised environment. Sinqia, which Evertec acquired in 2023, specializes in delivering software and IT solutions to financial institutions.
Upon discovering the unauthorized activity, Sinqia activated its incident response plan and brought in external cybersecurity forensic specialists to assist. The Pix system, introduced by Brazil’s central bank in late 2020, enables instantaneous money transfers at any time and has rapidly become the nation’s preferred payment method. Its popularity has also made it a frequent target for cybercriminals deploying banking malware.
Investigators determined that the perpetrators used stolen credentials from an IT vendor account to infiltrate Sinqia’s Pix environment. From there, they attempted to execute unauthorized business-to-business transactions involving two of Sinqia’s financial institution clients. While local media reports pointed to HSBC as one of the affected banks, a spokesperson confirmed that no customer funds or data were compromised.
Evertec has confirmed that a portion of the targeted funds has been successfully recovered, though the exact amount remains undisclosed. Efforts to reclaim the remainder are still underway. The company emphasized that the breach appears confined to Sinqia’s Pix operations, with no evidence suggesting broader system compromise or exposure of personal data.
In response to the incident, the Central Bank of Brazil temporarily suspended Sinqia’s access to the Pix network. The company is cooperating fully with regulators to restore services promptly by providing necessary documentation and security assurances. Sinqia’s Pix platform supports 24 financial institutions across Brazil, amplifying the potential operational and reputational consequences of the attack.
Evertec acknowledged that the full financial and reputational impact, including possible effects on internal controls, remains uncertain and could prove significant. The event underscores the persistent threats facing financial technology ecosystems and the critical importance of robust cybersecurity protocols among third-party vendors.
(Source: Bleeping Computer)