Unveiled: Attempted Theft of $130 Million from Brazilian Fintech Giant Sinqia

On August 29, 2025, a significant cyber-attack targeted Brazilian fintech company, Evertec subsidiary Sinqia, disrupting its Pix transaction processing services. The attack, which saw approximately R$710 million ($130 million) in unauthorized transactions, affected two banking customers – HSBC and Artta – according to Artta's website.

Upon detecting unauthorized activity, Sinqia swiftly halted Pix transaction processing and communicated promptly with federal and state law enforcement authorities in Brazil, as well as the financial institution customers using its Pix environment. Forensic experts were called in to investigate the incident.

The cyberattack exploited a vulnerability in a third-party IT company, but the specific IT company providing the background of the attack remains unnamed in the available information. The attack was made possible due to compromised credentials from one of Sinqia's IT vendors.

The use of stolen credentials as a tactic for initial access and lateral movement is being fuelled by an infostealer epidemic. According to Verizon's DBIR, 22% of data breaches involve the use of stolen credentials. Mandiant's report from April revealed that use of stolen credentials for initial access accounted for 16% of incidents in 2024.

Despite the unauthorized transactions, no data is believed to have been stolen in the cyber-attack. Sinqia believes that a portion of the stolen amount has been recovered, and additional recovery efforts are ongoing, although no further details about the recovery of funds were provided in the SEC filing.

The Brazilian Central Bank (BCB) will not allow Sinqia to resume processing transactions in the SPB and Pix until a review and approval of the actions taken. The affected parties are awaiting a decision on when Pix and Brazilian Payments System (SPB) services can be restarted.

The attack serves as another example of the security risks associated with static passwords. In the first half of 2025, 1.8 billion credentials were stolen, an 800% increase compared to the previous six months, according to Flashpoint.

Sinqia has taken steps to address the issue, terminating access to the compromised credentials. The company continues to work closely with authorities and customers to ensure the security of its services and to prevent such incidents from happening in the future.