Sinqia, a prominent Brazilian fintech company, admits to a failed $130 million heist attempt.

In a significant cybersecurity incident, leading Brazilian fintech company Sinqia experienced an attack on August 29, 2025. The attack targeted two of Sinqia's banking customers, HSBC and Artta, and aimed to steal approximately 710 million Brazilian Reais ($130 million).

The unauthorized activity was related to business-to-business financial transactions and was processed through Sinqia's Pix environment. However, it's reassuring to note that no data is believed to have been stolen in the raid.

Upon detecting the unauthorized activity, Sinqia promptly halted Pix transaction processing and terminated access to the compromised credentials. The compromised credentials used in the attack were from one of Sinqia's IT vendors.

The use of stolen credentials as a tactic for initial access and lateral movement is being fueled by an infostealer epidemic. According to the Mandiant report from April, use of stolen credentials for initial access accounted for 16% of incidents in 2024. In the first half of 2025, some 1.8 billion credentials were stolen, marking an 800% increase compared to the previous six months, as reported by Flashpoint.

Sinqia has been proactive in its response, communicating with federal and state law enforcement authorities in Brazil and the financial institution customers. The affected parties are currently awaiting a decision on when Pix and Brazilian Payments System (SPB) services can be restarted, as the BCB has informed Sinqia that it will not be permitted to resume processing transactions in the SPB and Pix until the BCB reviews and approves the actions taken.

A portion of the stolen amount has been recovered, and additional recovery efforts are ongoing. Information about the attack on HSBC and Artta can be found on Artta's website.

This incident serves as a stark reminder of the importance of robust cybersecurity measures, especially in the financial sector. As the digital landscape continues to evolve, it's crucial for companies to stay vigilant and adapt to the ever-changing threat landscape.