News

Hackers Target Evertec’s Sinqia in Bold $130M Pix Heist Attempt

Published

6 days ago

September 3, 2025

Hackers struck a major blow to Brazil’s popular Pix payment system, trying to swipe $130 million from financial tech firm Sinqia’s operations. This daring breach hit on August 29, 2025, raising alarms about cyber threats in instant banking. What tactics did they use, and how close did they get? Details reveal a tense fight to stop the theft.

The Shocking Breach Unfolds

In a stunning cyber attack, hackers infiltrated Sinqia’s systems, a key player in Brazil’s financial tech scene. Sinqia, owned by Evertec since 2023, connects banks to the Pix instant payment network run by Brazil’s Central Bank. The intruders aimed to pull off unauthorized transfers worth a whopping $130 million.

The breach happened fast on August 29, 2025, when Sinqia spotted odd activity in its Pix setup. Evertec, a big name in Latin American transaction processing, quickly filed a report with the U.S. Securities and Exchange Commission. This move highlighted the global reach of the incident, as Evertec is based in Puerto Rico but operates widely.

Local reports pointed fingers at impacts on banks like HSBC. A spokesperson from HSBC stressed that no customer money or info got hit. The attack focused on business-to-business deals involving two of Sinqia’s client banks.

Sinqia acts as a bridge for 24 financial outfits in Brazil to use Pix. Launched in 2020, Pix lets people send money instantly, any time, and has exploded in popularity. It’s now the go-to payment method there, but that fame makes it a prime target for crooks.

How the Hackers Broke In

Investigators found the hackers sneaked in using stolen login details from an IT vendor. This weak spot let them access Sinqia’s Pix area without raising early flags.

Once inside, they tried to move funds through fake transactions. Sinqia jumped into action, shutting down Pix processing right away. They called in outside experts to dig into the mess and secure things.

No signs show the hack spread beyond the Pix system, and personal data stayed safe, according to Evertec. That’s a relief in a world where data breaches often lead to identity theft nightmares.

This isn’t Pix’s first rodeo with threats. Android malware has long eyed the system, tricking users into bad transfers. But this breach stands out for hitting the backend, not just end users.

The Central Bank of Brazil stepped in fast, yanking Sinqia’s Pix access for now. Sinqia is working hard to share info and prove they’re fixing the issues to get back online soon.

Recovery Efforts and Financial Fallout

Part of the $130 million has already been clawed back, though Evertec hasn’t said how much. Teams are still chasing the rest, showing the attack didn’t fully succeed.

The hit could sting Sinqia’s wallet and reputation. Evertec warned in their SEC filing that costs and trust issues might pile up, possibly big time. They’re checking if internal controls need a shake-up too.

For everyday folks in Brazil, Pix is a daily essential. It speeds up everything from buying groceries to paying bills. A breach like this shakes confidence, making people wonder if their quick transfers are truly secure.

Banks and tech firms might now tighten vendor checks and boost monitoring. This event spotlights the risks of relying on third parties for critical systems.

Here’s a quick look at key players involved:

- - Evertec: Puerto Rico-based parent company, handles transactions across Latin America.
  - Sinqia: São Paulo firm specializing in banking software, acquired by Evertec in 2023.
  - Pix: Brazil’s instant payment system, used by millions daily since 2020.
  - Central Bank of Brazil: Oversees Pix and revoked Sinqia’s access post-breach.

Wider Implications for Cyber Security

This attack joins a growing list of cyber heists targeting payment networks worldwide. In Brazil alone, Pix scams have surged, with reports from cybersecurity firms like Kaspersky noting a 20% rise in related malware in 2024.

Experts say stolen credentials are a common entry point. A 2025 study by cybersecurity group CrowdStrike found that 80% of breaches involve weak or stolen logins. This data, gathered from global incident reports, urges companies to use multi-factor checks and regular audits.

For users, it means staying alert. Simple steps like watching for odd app behavior or avoiding shady downloads can help. But the real fix lies with firms like Sinqia beefing up their defenses.

The incident also tests international ties. Evertec’s U.S. filing brings SEC eyes to a Brazilian issue, possibly pushing for tougher global standards.

In a rare positive note, quick response limited the damage. Sinqia’s protocol worked, halting transfers before all funds vanished.

Timeline of Events	Date	Key Action
Pix Launch	November 2020	Brazil’s Central Bank introduces instant payments.
Evertec Acquires Sinqia	2023	Boosts Evertec’s reach in Brazil’s financial tech.
Breach Detection	August 29, 2025	Sinqia spots unauthorized access and shuts down.
SEC Filing	Early September 2025	Evertec reports details to U.S. regulators.
Access Revoked	Post-Breach	Central Bank halts Sinqia’s Pix operations.

This table shows how fast things moved, underlining the need for speedy reactions in cyber crises.

This brazen attempt to loot $130 million from Sinqia’s Pix operations underscores the fragile line between convenience and danger in modern banking, leaving Brazil’s financial world on edge while recovery pushes forward. It reminds us all how cyber threats can disrupt daily life, from small transfers to big business deals, and sparks hope for stronger safeguards ahead. What do you think about this breach and its effects on instant payments? Share your views and pass this story to friends on social media to spread awareness.