{"id":2712,"date":"2025-09-07T23:52:06","date_gmt":"2025-09-07T23:52:06","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/09\/07\/brazilian-fintech-giant-sinqia-reveals-130m-heist-attempt\/"},"modified":"2025-09-07T23:52:06","modified_gmt":"2025-09-07T23:52:06","slug":"brazilian-fintech-giant-sinqia-reveals-130m-heist-attempt","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2025\/09\/07\/brazilian-fintech-giant-sinqia-reveals-130m-heist-attempt\/","title":{"rendered":"Brazilian Fintech Giant Sinqia Reveals $130m Heist Attempt"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>A leading Brazilian fintech company has revealed details of a cyber-attack in which threat actors attempted to steal 710 million reals ($130m) from two banking customers.<\/p>\n<p>Evertec subsidiary Sinqia provides software to connect financial institutions in the country to the central bank\u2019s popular Pix instant payments system.<\/p>\n<p>However, on August 29 it identified unauthorized activity in its Pix environment, the firm said in an SEC filing.<\/p>\n<p>\u201cThe unauthorized activity is related to business-to-business financial transactions involving two financial institutions that are customers of Sinqia\u2019s Pix transaction processing services,\u201d it explained.<\/p>\n<p>\u201cThe company believes that approximately R$710m in unauthorized transactions affecting those two Sinqia customers were processed through Sinqia\u2019s Pix environment on August 29, 2025. The company has been informed that a portion of that amount has been recovered and additional recovery efforts are ongoing.\u201d<\/p>\n<p>Sinqia added that the unauthorized transactions were made possible after threat actors were able to use compromised credentials from one of Sinqia\u2019s \u201cIT vendors.\u201d<\/p>\n<p><em>Read more on cyber-attacks impacting banking: Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers<\/em><\/p>\n<p>The two financial institutions affected were HSBC and Artta, according to a notice on the latter\u2019s website.<\/p>\n<p>Sinqia has terminated access to the compromised credentials, and the affected parties are currently awaiting a decision on when Pix and Brazilian Payments System (SPB) services are allowed to restart.<\/p>\n<p>Sinqia said that, on detecting the unauthorized activity, its incident response processes kicked in immediately and it halted Pix transaction processing before calling in forensic experts.<\/p>\n<p>\u201cSubsequently, the BCB informed Sinqia that it would not be permitted to resume processing transactions in the SPB and Pix until the BCB reviews and approves the actions taken,\u201d its SEC filing added.<\/p>\n<p>\u201cSinqia communicated promptly with federal and state law enforcement authorities in Brazil and the financial institution customers using its Pix environment.\u201d<\/p>\n<p>No data is believed to have been stolen in the raid.<\/p>\n<h2>Another Example of High-Stakes Credential Theft<\/h2>\n<p>Although the identity of the culprit is unclear, the attack appears relatively unsophisticated. However, it\u2019s yet another example of the security risks associated with static passwords.<\/p>\n<p>A Mandiant report from April revealed that use of stolen credentials for initial access accounted for 16% of incidents in 2024, up from 10% the previous year. That made it the second most popular method, after vulnerability exploitation.<\/p>\n<p>Verizon\u2019s DBIR\u00a0puts the figure at 22%, although this relates specifically to data breaches.<\/p>\n<p>The use of stolen credentials as a tactic for initial access and lateral movement is being fueled by an infostealer epidemic. Some 1.8 billion credentials were stolen in the first half of 2025, an 800% increase compared to\u00a0the previous six months, according to Flashpoint.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A leading Brazilian fintech company has revealed details of a cyber-attack in which threat actors attempted to steal 710 million reals ($130m) from two banking customers. Evertec subsidiary Sinqia provides software to connect financial institutions in the country to the central bank\u2019s popular Pix instant payments system. However, on August 29 it identified unauthorized activity<\/p>\n","protected":false},"author":2,"featured_media":2713,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2712","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2712-455e15ec-1bb8-4966-898e-a69f5a4e7df2.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2712-455e15ec-1bb8-4966-898e-a69f5a4e7df2-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2712-455e15ec-1bb8-4966-898e-a69f5a4e7df2.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2712-455e15ec-1bb8-4966-898e-a69f5a4e7df2.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2712-455e15ec-1bb8-4966-898e-a69f5a4e7df2.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2712-455e15ec-1bb8-4966-898e-a69f5a4e7df2.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2712-455e15ec-1bb8-4966-898e-a69f5a4e7df2.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2712-455e15ec-1bb8-4966-898e-a69f5a4e7df2.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2712-455e15ec-1bb8-4966-898e-a69f5a4e7df2.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2712-455e15ec-1bb8-4966-898e-a69f5a4e7df2.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2712-455e15ec-1bb8-4966-898e-a69f5a4e7df2-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2712"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2712\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2713"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}